ID

VAR-202108-2222


CVE

CVE-2021-22924


TITLE

libcurl Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-1569

DESCRIPTION

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14 In general, a standard system update will make all the necessary changes. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Security Fixes: * PT RHOAM: XSS in 3scale at various places (CVE-2021-3442) * aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang (CVE-2020-8911) * aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang (CVE-2020-8912) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang 1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang 1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary: An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924) * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General Availability release images, which provide security fixes and update the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/ Security fixes: * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Container updates: * RHACM 2.1.12 images (BZ# 2007489) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/): 2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. Description: Quay 3.6.0 release Security Fix(es): * nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774) * python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289) * nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516) * nodejs-debug: Regular expression Denial of Service (CVE-2017-16137) * nodejs-mime: Regular expression Denial of Service (CVE-2017-16138) * nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107) * nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492) * nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270) * nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920) * nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237) * urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291) * python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290) * python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291) * python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292) * python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293) * nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515) * python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921) * python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922) * python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923) * python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552) * nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109) * lodash: Prototype pollution in utilities function (CVE-2018-3721) * hoek: Prototype pollution in utilities function (CVE-2018-3728) * lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266) * nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608) * python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install 6. Bugs fixed (https://bugzilla.redhat.com/): 1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set 1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC 1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC 1903687 - [scale] 1K DV creation failed 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end 1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments 1942726 - test automatic bug creation for a new release 1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 1945589 - Live migration with virtiofs is possible 1953481 - New OCP priority classes are not used - Deploy 1953483 - New OCP priority classes are not used - SSP 1953484 - New OCP priority classes are not used - Storage 1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner 1957852 - Could not start VM as restore snapshot was still not Complete 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled 1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 1973852 - Introduce VM crashloop backoff 1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade) 1976730 - Disk is not usable due to incorrect size for proper alignment 1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating 1979659 - 4.9.0 containers 1981345 - 4.9.0 rpms 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1985083 - VMI Pod fails to terminate due to a zombie qemu process 1985649 - virt-handler Pod is missing xorrisofs command 1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system 1985719 - Unprivileged client fails to get guest agent data 1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin 1989263 - VM Snapshot may freeze guest indefinitely 1989269 - Online VM Snapshot storing incorrect VM spec 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1991691 - Enable DownwardMetrics FeatureGate via HCO CR 1992608 - kubevirt doesn't respect useEmulation: true 1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/ 1994389 - Some of the cdi resources missing app labels 1995295 - SCC annotation of ssp-operator was changed to privileged 1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start 1997014 - Common templates - dataVolumeTemplates API version should be updated 1998054 - RHEL9 template - update template description. 1998656 - no "name" label in ssp-operator pod 1999571 - NFS clone not progressing when clone sizes mismatch (target > source) 1999617 - Unable to create a VM with nonroot VirtLauncher Pods 1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL 2000052 - NNCP creation failures after nmstate-handler pod deletion 2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots 2001041 - [4.9.0] Importer attempts to shrink an image in certain situations 2001047 - Automatic size detection may not request a PVC that is large enough for an import 2003473 - Failed to Migrate Windows VM with CDROM (readonly) 2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted 2006418 - Clone Strategy does not work as described 2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window 2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2011179 - Cluster-wide live migration limits and timeouts are not suitable 2017394 - After upgrade, live migration is Pending 2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade 5. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1998844 - virt-handler Pod is missing xorrisofs command 2008522 - "unable to execute QEMU agent command 'guest-get-users'" logs in virt-launcher pod every 10 seconds 2010334 - VM is not able to be migrated after failed migration 2012328 - 2.6.8 containers 2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 5. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2021-22924 // VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // PACKETSTORM: 163637 // PACKETSTORM: 164562 // PACKETSTORM: 164511 // PACKETSTORM: 166714 // PACKETSTORM: 164583 // PACKETSTORM: 164555 // PACKETSTORM: 164755 // PACKETSTORM: 164948 // PACKETSTORM: 165008 // PACKETSTORM: 169318

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m804pbscope:ltversion:7.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:siemensmodel:simatic rtu3030cscope:ltversion:5.0.14

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:siemensmodel:scalance m816-1scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic cp 1543-1scope:ltversion:3.0.22

Trust: 1.0

vendor:siemensmodel:simatic rtu 3041cscope:ltversion:5.0.14

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.26

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:5.7.0

Trust: 1.0

vendor:siemensmodel:sinema remote connectscope:ltversion:3.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:siemensmodel:simatic rtu3010cscope:ltversion:5.0.14

Trust: 1.0

vendor:siemensmodel:logo\! cmr2040scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ruggedcomrm 1224 ltescope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic cp 1545-1scope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:scalance m876-3scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:scalance m812-1scope:ltversion:7.1

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.0

Trust: 1.0

vendor:siemensmodel:logo\! cmr2020scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance mum856-1scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic rtu3031cscope:ltversion:5.0.14

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:ltversion:7.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.10.4

Trust: 1.0

vendor:siemensmodel:scalance m874-2scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:siplus net cp 1543-1scope:ltversion:3.0.22

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:ltversion:7.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:ltversion:7.77.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.36

Trust: 1.0

vendor:siemensmodel:scalance m826-2scope:ltversion:7.1

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2021-22924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22924
value: LOW

Trust: 1.0

CNNVD: CNNVD-202107-1569
value: LOW

Trust: 0.6

VULHUB: VHN-381398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22924
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381398
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22924
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-381398 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

PROBLEMTYPE DATA

problemtype:CWE-706

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-381398 // NVD: CVE-2021-22924

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 163637 // PACKETSTORM: 169318 // CNNVD: CNNVD-202107-1569

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202107-1569

PATCH

title:Arch Linux Repair measures for trust management problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=157203

Trust: 0.6

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-22924 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-61

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-60

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-64

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-62

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-63

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-59] curl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-59

Trust: 0.1

sources: VULMON: CVE-2021-22924 // CNNVD: CNNVD-202107-1569

EXTERNAL IDS

db:NVDid:CVE-2021-22924

Trust: 2.8

db:SIEMENSid:SSA-732250

Trust: 1.7

db:SIEMENSid:SSA-484086

Trust: 1.7

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1223565

Trust: 1.7

db:PACKETSTORMid:164948

Trust: 0.8

db:PACKETSTORMid:164755

Trust: 0.8

db:PACKETSTORMid:164583

Trust: 0.8

db:PACKETSTORMid:163637

Trust: 0.7

db:PACKETSTORMid:164562

Trust: 0.7

db:PACKETSTORMid:164511

Trust: 0.7

db:PACKETSTORMid:166714

Trust: 0.7

db:PACKETSTORMid:164555

Trust: 0.7

db:PACKETSTORMid:169318

Trust: 0.7

db:AUSCERTid:ESB-2021.3211

Trust: 0.6

db:AUSCERTid:ESB-2022.4266

Trust: 0.6

db:AUSCERTid:ESB-2021.3941

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:AUSCERTid:ESB-2021.3472

Trust: 0.6

db:AUSCERTid:ESB-2021.3430

Trust: 0.6

db:AUSCERTid:ESB-2021.2473

Trust: 0.6

db:AUSCERTid:ESB-2021.3485

Trust: 0.6

db:AUSCERTid:ESB-2022.1637

Trust: 0.6

db:AUSCERTid:ESB-2021.2526

Trust: 0.6

db:AUSCERTid:ESB-2021.2755

Trust: 0.6

db:AUSCERTid:ESB-2021.3167

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.3499

Trust: 0.6

db:AUSCERTid:ESB-2021.3649

Trust: 0.6

db:CS-HELPid:SB2022042566

Trust: 0.6

db:CS-HELPid:SB2021092811

Trust: 0.6

db:CS-HELPid:SB2021072212

Trust: 0.6

db:CS-HELPid:SB2021112309

Trust: 0.6

db:CS-HELPid:SB2021110313

Trust: 0.6

db:CS-HELPid:SB2021080210

Trust: 0.6

db:CS-HELPid:SB2021090834

Trust: 0.6

db:CS-HELPid:SB2021092221

Trust: 0.6

db:CS-HELPid:SB2021072814

Trust: 0.6

db:CS-HELPid:SB2021102116

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:PACKETSTORMid:164282

Trust: 0.6

db:PACKETSTORMid:164342

Trust: 0.6

db:PACKETSTORMid:164523

Trust: 0.6

db:PACKETSTORMid:164221

Trust: 0.6

db:ICS CERTid:ICSA-22-132-13

Trust: 0.6

db:CNNVDid:CNNVD-202107-1569

Trust: 0.6

db:PACKETSTORMid:165008

Trust: 0.2

db:VULHUBid:VHN-381398

Trust: 0.1

db:VULMONid:CVE-2021-22924

Trust: 0.1

sources: VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // PACKETSTORM: 163637 // PACKETSTORM: 164562 // PACKETSTORM: 164511 // PACKETSTORM: 166714 // PACKETSTORM: 164583 // PACKETSTORM: 164555 // PACKETSTORM: 164755 // PACKETSTORM: 164948 // PACKETSTORM: 165008 // PACKETSTORM: 169318 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210902-0003/

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5197

Trust: 1.7

url:https://hackerone.com/reports/1223565

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 1.0

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/

Trust: 1.0

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/

Trust: 0.7

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.6

url:https://packetstormsecurity.com/files/164342/red-hat-security-advisory-2021-3694-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042566

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-13

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2755

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021112309

Trust: 0.6

url:https://packetstormsecurity.com/files/164555/red-hat-security-advisory-2021-3917-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164755/red-hat-security-advisory-2021-4104-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3649

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3211

Trust: 0.6

url:https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3430

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3472

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072814

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3499

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080210

Trust: 0.6

url:https://packetstormsecurity.com/files/164221/red-hat-security-advisory-2021-3582-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164511/red-hat-security-advisory-2021-3851-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-information-disclosure-via-connection-reuse-35955

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2526

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072212

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110313

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6495409

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3167

Trust: 0.6

url:https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2473

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092811

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3485

Trust: 0.6

url:https://packetstormsecurity.com/files/163637/ubuntu-security-notice-usn-5021-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3941

Trust: 0.6

url:https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090834

Trust: 0.6

url:https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4266

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1637

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102116

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-37750

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3653

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41099

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37576

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37576

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-34558

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.2

url:http://seclists.org/oss-sec/2021/q3/26

Trust: 0.1

url:https://security.archlinux.org/cve-2021-22924

Trust: 0.1

url:https://security.archlinux.org/asa-202107-61

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5021-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21671

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21671

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8912

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3442

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8911

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3442

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8912

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1354

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3949

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27922

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1109

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26237

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-21270

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25289

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3728

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34552

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35653

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35654

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1109

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8203

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8203

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-21270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25291

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27921

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20922

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35654

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010266

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20922

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1107

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35653

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-16138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-3728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-16138

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-16137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33197

Trust: 0.1

url:https://www.redhat.com/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4104

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33195

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29923

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

sources: VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // PACKETSTORM: 163637 // PACKETSTORM: 164562 // PACKETSTORM: 164511 // PACKETSTORM: 166714 // PACKETSTORM: 164583 // PACKETSTORM: 164555 // PACKETSTORM: 164755 // PACKETSTORM: 164948 // PACKETSTORM: 165008 // PACKETSTORM: 169318 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 164562 // PACKETSTORM: 164511 // PACKETSTORM: 166714 // PACKETSTORM: 164583 // PACKETSTORM: 164555 // PACKETSTORM: 164755 // PACKETSTORM: 164948 // PACKETSTORM: 165008

SOURCES

db:VULHUBid:VHN-381398
db:VULMONid:CVE-2021-22924
db:PACKETSTORMid:163637
db:PACKETSTORMid:164562
db:PACKETSTORMid:164511
db:PACKETSTORMid:166714
db:PACKETSTORMid:164583
db:PACKETSTORMid:164555
db:PACKETSTORMid:164755
db:PACKETSTORMid:164948
db:PACKETSTORMid:165008
db:PACKETSTORMid:169318
db:CNNVDid:CNNVD-202107-1569
db:NVDid:CVE-2021-22924

LAST UPDATE DATE

2024-11-22T20:07:52.282000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381398date:2022-10-28T00:00:00
db:CNNVDid:CNNVD-202107-1569date:2023-06-05T00:00:00
db:NVDid:CVE-2021-22924date:2024-03-27T15:11:45.923

SOURCES RELEASE DATE

db:VULHUBid:VHN-381398date:2021-08-05T00:00:00
db:PACKETSTORMid:163637date:2021-07-22T23:15:11
db:PACKETSTORMid:164562date:2021-10-20T15:45:47
db:PACKETSTORMid:164511date:2021-10-14T15:19:59
db:PACKETSTORMid:166714date:2022-04-13T22:20:44
db:PACKETSTORMid:164583date:2021-10-21T15:31:47
db:PACKETSTORMid:164555date:2021-10-19T15:32:20
db:PACKETSTORMid:164755date:2021-11-03T17:47:45
db:PACKETSTORMid:164948date:2021-11-12T17:01:04
db:PACKETSTORMid:165008date:2021-11-18T17:07:15
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:CNNVDid:CNNVD-202107-1569date:2021-07-21T00:00:00
db:NVDid:CVE-2021-22924date:2021-08-05T21:15:11.380