ID

VAR-202104-0334


CVE

CVE-2021-22876


TITLE

Haxx libcurl Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202103-1706

DESCRIPTION

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876) A vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924) * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: cURL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #779535, #792192 ID: 202105-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Background ========== A command line tool and library for transferring data with URLs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.77.0 >= 7.77.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0" References ========== [ 1 ] CVE-2021-22876 https://nvd.nist.gov/vuln/detail/CVE-2021-22876 [ 2 ] CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890 [ 3 ] CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 [ 4 ] CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-22901 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-36 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 ===================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. 2. Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds. 3. Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria. Security Fix(es): * civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304) * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) * nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801) * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * helm: information disclosure vulnerability (CVE-2021-32690) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes The release of RHACS 3.67 includes the following bug fixes: 1. Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed. 2. Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed. System changes The release of RHACS 3.67 includes the following system changes: 1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. 2. The Port exposure method policy criteria now include route as an exposure method. 3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation. 4. The OpenShift Compliance Operator integration now supports using TailoredProfiles. 5. The RHACS Jenkins plugin now provides additional security information. 6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values. 7. The default uid:gid pair for the Scanner image is now 65534:65534. 8. RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes. 9. If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies. 10. In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode. 11. You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check 12. You can now use a regular expression for the deployment name while specifying policy exclusions 3. Solution: To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67. 4. Bugs fixed (https://bugzilla.redhat.com/): 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API 5. JIRA issues fixed (https://issues.jboss.org/): RHACS-65 - Release RHACS 3.67.0 6. References: https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: An update is now available for OpenShift Logging 5.2. Description: Openshift Logging Bug Fix Release (5.2.3) Security Fix(es): * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server 6

Trust: 1.71

sources: NVD: CVE-2021-22876 // VULMON: CVE-2021-22876 // PACKETSTORM: 165286 // PACKETSTORM: 166714 // PACKETSTORM: 162817 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165135 // PACKETSTORM: 165129 // PACKETSTORM: 165002

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:haxxmodel:libcurlscope:lteversion:7.75.0

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:broadcommodel:fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.1.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2021-22876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22876
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-1706
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-22876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-22876
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-22876 // CNNVD: CNNVD-202103-1706 // NVD: CVE-2021-22876

PROBLEMTYPE DATA

problemtype:CWE-359

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2021-22876

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 165129 // CNNVD: CNNVD-202103-1706

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202103-1706

PATCH

title:HAXX libcurl Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=146576

Trust: 0.6

title:Debian CVElist Bug Report Logs: curl: CVE-2021-22876url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dc9338ed355a659e53e38756033db037

Trust: 0.1

title:Red Hat: Moderate: rh-dotnet31-curl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221354 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1509url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1509

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1653url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1653

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-22876 log

Trust: 0.1

title:Debian Security Advisories: DSA-4881-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a9706a30f62799ecc4d45bdb53c244eb

Trust: 0.1

title:Red Hat: Moderate: Release of OpenShift Serverless 1.20.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220434 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220318 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221081 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220580 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=4a9822530e6b610875f83ffc10e02aba

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:clair-clienturl:https://github.com/indece-official/clair-client

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2021-22876 // CNNVD: CNNVD-202103-1706

EXTERNAL IDS

db:NVDid:CVE-2021-22876

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.6

db:HACKERONEid:1101882

Trust: 1.6

db:PACKETSTORMid:166714

Trust: 0.7

db:PACKETSTORMid:162817

Trust: 0.7

db:PACKETSTORMid:165209

Trust: 0.7

db:PACKETSTORMid:166051

Trust: 0.7

db:PACKETSTORMid:165135

Trust: 0.7

db:PACKETSTORMid:165129

Trust: 0.7

db:PACKETSTORMid:165002

Trust: 0.7

db:PACKETSTORMid:166308

Trust: 0.6

db:PACKETSTORMid:165096

Trust: 0.6

db:PACKETSTORMid:162037

Trust: 0.6

db:PACKETSTORMid:163193

Trust: 0.6

db:PACKETSTORMid:164886

Trust: 0.6

db:PACKETSTORMid:166489

Trust: 0.6

db:PACKETSTORMid:162116

Trust: 0.6

db:PACKETSTORMid:165862

Trust: 0.6

db:PACKETSTORMid:165099

Trust: 0.6

db:PACKETSTORMid:166789

Trust: 0.6

db:PACKETSTORMid:165758

Trust: 0.6

db:AUSCERTid:ESB-2021.1461

Trust: 0.6

db:AUSCERTid:ESB-2021.3935

Trust: 0.6

db:AUSCERTid:ESB-2021.4172

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:AUSCERTid:ESB-2022.1071

Trust: 0.6

db:AUSCERTid:ESB-2022.0716

Trust: 0.6

db:AUSCERTid:ESB-2021.1670

Trust: 0.6

db:AUSCERTid:ESB-2021.3905

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.4095

Trust: 0.6

db:AUSCERTid:ESB-2021.1129

Trust: 0.6

db:AUSCERTid:ESB-2021.4059

Trust: 0.6

db:AUSCERTid:ESB-2021.2168

Trust: 0.6

db:AUSCERTid:ESB-2021.4254

Trust: 0.6

db:AUSCERTid:ESB-2021.4019

Trust: 0.6

db:AUSCERTid:ESB-2021.3748

Trust: 0.6

db:AUSCERTid:ESB-2022.0493

Trust: 0.6

db:AUSCERTid:ESB-2021.1859

Trust: 0.6

db:AUSCERTid:ESB-2022.1637

Trust: 0.6

db:AUSCERTid:ESB-2022.1837

Trust: 0.6

db:AUSCERTid:ESB-2022.0394

Trust: 0.6

db:AUSCERTid:ESB-2021.1178

Trust: 0.6

db:AUSCERTid:ESB-2022.1677

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.1118

Trust: 0.6

db:AUSCERTid:ESB-2021.1841

Trust: 0.6

db:AUSCERTid:ESB-2021.1114

Trust: 0.6

db:CS-HELPid:SB2021111131

Trust: 0.6

db:CS-HELPid:SB2021122914

Trust: 0.6

db:CS-HELPid:SB2021062142

Trust: 0.6

db:CS-HELPid:SB2021071312

Trust: 0.6

db:CS-HELPid:SB2021052711

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CNNVDid:CNNVD-202103-1706

Trust: 0.6

db:VULMONid:CVE-2021-22876

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

sources: VULMON: CVE-2021-22876 // PACKETSTORM: 165286 // PACKETSTORM: 166714 // PACKETSTORM: 162817 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165135 // PACKETSTORM: 165129 // PACKETSTORM: 165002 // CNNVD: CNNVD-202103-1706 // NVD: CVE-2021-22876

REFERENCES

url:https://security.gentoo.org/glsa/202105-36

Trust: 1.7

url:https://hackerone.com/reports/1101882

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html

Trust: 1.6

url:https://curl.se/docs/cve-2021-22876.html

Trust: 1.6

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20210521-0007/

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 1.3

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/

Trust: 1.0

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1129

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1841

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3748

Trust: 0.6

url:https://packetstormsecurity.com/files/165862/red-hat-security-advisory-2022-0434-05.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1178

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0716

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062142

Trust: 0.6

url:https://packetstormsecurity.com/files/162037/ubuntu-security-notice-usn-4898-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166489/red-hat-security-advisory-2022-1081-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/libcurl-information-disclosure-via-auto-referer-header-credentials-34977

Trust: 0.6

url:https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0394

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1859

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4059

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1461

Trust: 0.6

url:https://packetstormsecurity.com/files/166789/red-hat-security-advisory-2022-1396-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4254

Trust: 0.6

url:https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1837

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1637

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1677

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/

Trust: 0.6

url:https://packetstormsecurity.com/files/163193/red-hat-security-advisory-2021-2471-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052711

Trust: 0.6

url:https://packetstormsecurity.com/files/164886/red-hat-security-advisory-2021-4511-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111131

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071312

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1071

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4019

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1670

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1114

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2021-22876-and-cve-2021-22890/

Trust: 0.6

url:https://packetstormsecurity.com/files/162116/ubuntu-security-notice-usn-4903-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2168

Trust: 0.6

url:https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122914

Trust: 0.6

url:https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0493

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3935

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1118

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165758/red-hat-security-advisory-2022-0318-06.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166308/red-hat-security-advisory-2022-0842-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1354

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22890

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22901

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5038

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3795

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23440

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4902

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23369

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4032

Trust: 0.1

sources: PACKETSTORM: 165286 // PACKETSTORM: 166714 // PACKETSTORM: 162817 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165135 // PACKETSTORM: 165129 // PACKETSTORM: 165002 // CNNVD: CNNVD-202103-1706 // NVD: CVE-2021-22876

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165286 // PACKETSTORM: 166714 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 165135 // PACKETSTORM: 165129 // PACKETSTORM: 165002

SOURCES

db:VULMONid:CVE-2021-22876
db:PACKETSTORMid:165286
db:PACKETSTORMid:166714
db:PACKETSTORMid:162817
db:PACKETSTORMid:165209
db:PACKETSTORMid:166051
db:PACKETSTORMid:165135
db:PACKETSTORMid:165129
db:PACKETSTORMid:165002
db:CNNVDid:CNNVD-202103-1706
db:NVDid:CVE-2021-22876

LAST UPDATE DATE

2025-02-20T21:14:31.566000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-22876date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202103-1706date:2023-06-05T00:00:00
db:NVDid:CVE-2021-22876date:2024-11-21T05:50:49.030

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-22876date:2021-04-01T00:00:00
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:166714date:2022-04-13T22:20:44
db:PACKETSTORMid:162817date:2021-05-26T17:36:11
db:PACKETSTORMid:165209date:2021-12-09T14:50:37
db:PACKETSTORMid:166051date:2022-02-18T16:37:39
db:PACKETSTORMid:165135date:2021-12-03T16:41:45
db:PACKETSTORMid:165129date:2021-12-02T16:06:16
db:PACKETSTORMid:165002date:2021-11-17T15:25:40
db:CNNVDid:CNNVD-202103-1706date:2021-03-31T00:00:00
db:NVDid:CVE-2021-22876date:2021-04-01T18:15:12.823