ID

VAR-202108-2222


CVE

CVE-2021-22924


TITLE

cURL  Incorrectly resolved name and reference usage vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009762

DESCRIPTION

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary: An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924) * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925) Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14 In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Summary: The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud 1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage 1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error 1936886 - Service account token of existing remote cluster cannot be updated by using the web console 1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically 1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend 1951869 - MigPlan custom resource does not detect invalid source cluster reference 1968621 - Paused deployment config causes a migration to hang 1970338 - Parallel migrations fail because the initial backup is missing 1974737 - Migration plan name length in the "Migration plan" wizard is not validated 1975369 - "Debug view" link text on "Migration plans" page can be improved 1975372 - Destination namespace in MigPlan custom resource is not validated 1976895 - Namespace mapping cannot be changed using the Migration Plan wizard 1981810 - "Excluded" resources are not excluded from the migration 1982026 - Direct image migration fails if the source URI contains a double slash ("//") 1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list 1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration 1996784 - "Migration resources" tree on the "Migration details" page is not displayed 1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected 1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization 1996906 - "Migration details" page link is displayed for a migration plan with no associated migrations 1996938 - Search function on "Migration plans" page displays no results 1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase 1997127 - Direct volume migration "retry" feature does not work correctly after a network failure 1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility 1997180 - "migration-log-reader" pod does not log invalid Rsync options 1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling 1997694 - "Update operator" link on the "Clusters" page is incorrect 1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration 1998062 - Rsync pod uses upstream image 1998283 - "Migration step details" link on the "Migrations" page does not work 1998550 - "Migration plan" wizard does not support certain screen resolutions 1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error 1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration 1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons 1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000205 - "Options" menu on the "Migration details" page displays incorrect items 2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace 2000243 - "Migration plan" wizard does not allow a migration within the same cluster 2000644 - Invalid migration plan causes "controller" pod to crash 2000875 - State migration status on "Migrations" page displays "Stage succeeded" message 2000979 - "clusterIPs" parameter of "service" object can cause Velero errors 2001089 - Direct volume migration fails because of missing CA path configuration 2001173 - Migration plan requires two clusters 2001786 - Migration fails during "Stage Backup" step because volume path on host not found 2001829 - Migration does not complete when the namespace contains a cron job with a PVC 2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice 2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall 2002608 - Migration of unmounted PVC fails during "StageBackup" phase 2002897 - Rollback migration does not complete when the namespace contains a cron job 2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs 2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings 2004923 - Web console displays "New operator version available" notification for incorrect operator 2005143 - Combining Rsync and Stunnel in a single pod can degrade performance 2006316 - Web console cannot create migration plan in a proxy environment 2007175 - Web console cannot be launched in a proxy environment 5. JIRA issues fixed (https://issues.jboss.org/): MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers 6. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images 5. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.4/html/release_notes/ Security fixes: * CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method * CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack * CVE-2021-32627: redis: Integer overflow issue with Streams * CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure * CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser * CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request * CVE-2021-32687: redis: Integer overflow issue with intsets * CVE-2021-32690: helm: information disclosure vulnerability * CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite * CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite * CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name * CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow * CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings * CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function * CVE-2021-41099: redis: Integer overflow issue with strings Bug fixes: * RFE ACM Application management UI doesn't reflect object status (Bugzilla #1965321) * RHACM 2.4 files (Bugzilla #1983663) * Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366) * submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla #1994668) * ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915) * InfraEnv condition does not reflect the actual error message (Bugzilla #2009204, 2010030) * Flaky test point to a nil pointer conditions list (Bugzilla #2010175) * InfraEnv status shows 'Failed to create image: internal error (Bugzilla #2010272) * subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla #2013157) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1965321 - RFE ACM Application management UI doesn't reflect object status 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1983663 - RHACM 2.4.0 images 1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite 1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite 1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot 1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb 2003915 - pre-network-manager-config failed due to timeout when static config is used 2009204 - InfraEnv condition does not reflect the actual error message 2010030 - InfraEnv condition does not reflect the actual error message 2010175 - Flaky test point to a nil pointer conditions list 2010272 - InfraEnv status shows 'Failed to create image: internal error 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks 2014084 - pre-network-manager-config failed due to timeout when static config is used 5

Trust: 2.43

sources: NVD: CVE-2021-22924 // JVNDB: JVNDB-2021-009762 // VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // PACKETSTORM: 166714 // PACKETSTORM: 169318 // PACKETSTORM: 163637 // PACKETSTORM: 164221 // PACKETSTORM: 164342 // PACKETSTORM: 164282 // PACKETSTORM: 164948

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m804pbscope:ltversion:7.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:siemensmodel:simatic rtu3030cscope:ltversion:5.0.14

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:siemensmodel:scalance m816-1scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic cp 1543-1scope:ltversion:3.0.22

Trust: 1.0

vendor:siemensmodel:simatic rtu 3041cscope:ltversion:5.0.14

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.26

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:5.7.0

Trust: 1.0

vendor:siemensmodel:sinema remote connectscope:ltversion:3.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:siemensmodel:simatic rtu3010cscope:ltversion:5.0.14

Trust: 1.0

vendor:siemensmodel:logo\! cmr2040scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ruggedcomrm 1224 ltescope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic cp 1545-1scope:ltversion:1.1

Trust: 1.0

vendor:siemensmodel:scalance m876-3scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:scalance m812-1scope:ltversion:7.1

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.0

Trust: 1.0

vendor:siemensmodel:logo\! cmr2020scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance mum856-1scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic rtu3031cscope:ltversion:5.0.14

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:ltversion:7.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.10.4

Trust: 1.0

vendor:siemensmodel:scalance m874-2scope:ltversion:7.1

Trust: 1.0

vendor:siemensmodel:siplus net cp 1543-1scope:ltversion:3.0.22

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:ltversion:7.1

Trust: 1.0

vendor:haxxmodel:libcurlscope:ltversion:7.77.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.36

Trust: 1.0

vendor:siemensmodel:scalance m826-2scope:ltversion:7.1

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:オラクルmodel:peoplesoft enterprise peopletoolsscope: - version: -

Trust: 0.8

vendor:netappmodel:solidfire & hci management nodescope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontapscope: - version: -

Trust: 0.8

vendor:haxxmodel:curlscope: - version: -

Trust: 0.8

vendor:オラクルmodel:mysqlscope: - version: -

Trust: 0.8

vendor:日立model:日立高信頼サーバ rv3000scope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009762 // NVD: CVE-2021-22924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22924
value: LOW

Trust: 1.0

NVD: CVE-2021-22924
value: LOW

Trust: 0.8

CNNVD: CNNVD-202107-1569
value: LOW

Trust: 0.6

VULHUB: VHN-381398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22924
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-381398
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22924
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-22924
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381398 // JVNDB: JVNDB-2021-009762 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

PROBLEMTYPE DATA

problemtype:CWE-706

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Use of incorrectly resolved names and references (CWE-706) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-381398 // JVNDB: JVNDB-2021-009762 // NVD: CVE-2021-22924

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 169318 // PACKETSTORM: 163637 // CNNVD: CNNVD-202107-1569

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202107-1569

PATCH

title:hitachi-sec-2023-204url:https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html

Trust: 0.8

title:Arch Linux Repair measures for trust management problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=157203

Trust: 0.6

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-22924 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-61

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-60

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-64

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-62

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-63

Trust: 0.1

title:Arch Linux Advisories: [ASA-202107-59] curl: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-59

Trust: 0.1

sources: VULMON: CVE-2021-22924 // JVNDB: JVNDB-2021-009762 // CNNVD: CNNVD-202107-1569

EXTERNAL IDS

db:NVDid:CVE-2021-22924

Trust: 4.1

db:HACKERONEid:1223565

Trust: 2.5

db:SIEMENSid:SSA-732250

Trust: 1.7

db:SIEMENSid:SSA-484086

Trust: 1.7

db:SIEMENSid:SSA-389290

Trust: 1.7

db:PACKETSTORMid:164948

Trust: 0.8

db:JVNid:JVNVU91709091

Trust: 0.8

db:JVNDBid:JVNDB-2021-009762

Trust: 0.8

db:PACKETSTORMid:164755

Trust: 0.7

db:PACKETSTORMid:164583

Trust: 0.7

db:PACKETSTORMid:166714

Trust: 0.7

db:PACKETSTORMid:169318

Trust: 0.7

db:PACKETSTORMid:163637

Trust: 0.7

db:PACKETSTORMid:164221

Trust: 0.7

db:PACKETSTORMid:164342

Trust: 0.7

db:PACKETSTORMid:164282

Trust: 0.7

db:AUSCERTid:ESB-2021.3211

Trust: 0.6

db:AUSCERTid:ESB-2022.4266

Trust: 0.6

db:AUSCERTid:ESB-2021.3941

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:AUSCERTid:ESB-2021.3472

Trust: 0.6

db:AUSCERTid:ESB-2021.3430

Trust: 0.6

db:AUSCERTid:ESB-2021.2473

Trust: 0.6

db:AUSCERTid:ESB-2021.3485

Trust: 0.6

db:AUSCERTid:ESB-2022.1637

Trust: 0.6

db:AUSCERTid:ESB-2021.2526

Trust: 0.6

db:AUSCERTid:ESB-2021.2755

Trust: 0.6

db:AUSCERTid:ESB-2021.3167

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.3499

Trust: 0.6

db:AUSCERTid:ESB-2021.3649

Trust: 0.6

db:CS-HELPid:SB2022042566

Trust: 0.6

db:CS-HELPid:SB2021092811

Trust: 0.6

db:CS-HELPid:SB2021072212

Trust: 0.6

db:CS-HELPid:SB2021112309

Trust: 0.6

db:CS-HELPid:SB2021110313

Trust: 0.6

db:CS-HELPid:SB2021080210

Trust: 0.6

db:CS-HELPid:SB2021090834

Trust: 0.6

db:CS-HELPid:SB2021092221

Trust: 0.6

db:CS-HELPid:SB2021072814

Trust: 0.6

db:CS-HELPid:SB2021102116

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:PACKETSTORMid:164511

Trust: 0.6

db:PACKETSTORMid:164562

Trust: 0.6

db:PACKETSTORMid:164523

Trust: 0.6

db:PACKETSTORMid:164555

Trust: 0.6

db:ICS CERTid:ICSA-22-132-13

Trust: 0.6

db:CNNVDid:CNNVD-202107-1569

Trust: 0.6

db:PACKETSTORMid:165008

Trust: 0.1

db:VULHUBid:VHN-381398

Trust: 0.1

db:VULMONid:CVE-2021-22924

Trust: 0.1

sources: VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // JVNDB: JVNDB-2021-009762 // PACKETSTORM: 166714 // PACKETSTORM: 169318 // PACKETSTORM: 163637 // PACKETSTORM: 164221 // PACKETSTORM: 164342 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

REFERENCES

url:https://hackerone.com/reports/1223565

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210902-0003/

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5197

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 1.5

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 1.1

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/

Trust: 1.0

url:https://jvn.jp/vu/jvnvu91709091/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/

Trust: 0.7

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/164342/red-hat-security-advisory-2021-3694-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042566

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-13

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2755

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021112309

Trust: 0.6

url:https://packetstormsecurity.com/files/164555/red-hat-security-advisory-2021-3917-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164755/red-hat-security-advisory-2021-4104-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3649

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3211

Trust: 0.6

url:https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3430

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3472

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072814

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3499

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080210

Trust: 0.6

url:https://packetstormsecurity.com/files/164221/red-hat-security-advisory-2021-3582-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164511/red-hat-security-advisory-2021-3851-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-information-disclosure-via-connection-reuse-35955

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2526

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072212

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110313

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6495409

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3167

Trust: 0.6

url:https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2473

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092811

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3485

Trust: 0.6

url:https://packetstormsecurity.com/files/163637/ubuntu-security-notice-usn-5021-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3941

Trust: 0.6

url:https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090834

Trust: 0.6

url:https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4266

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1637

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102116

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.2

url:http://seclists.org/oss-sec/2021/q3/26

Trust: 0.1

url:https://security.archlinux.org/cve-2021-22924

Trust: 0.1

url:https://security.archlinux.org/asa-202107-61

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1354

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5021-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3582

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/migration_toolkit_for_con

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38201

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38201

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3694

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3653

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3653

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22555

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

sources: VULHUB: VHN-381398 // VULMON: CVE-2021-22924 // JVNDB: JVNDB-2021-009762 // PACKETSTORM: 166714 // PACKETSTORM: 169318 // PACKETSTORM: 163637 // PACKETSTORM: 164221 // PACKETSTORM: 164342 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // CNNVD: CNNVD-202107-1569 // NVD: CVE-2021-22924

CREDITS

Siemens notified CISA these devices are affected by these known vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202107-1569

SOURCES

db:VULHUBid:VHN-381398
db:VULMONid:CVE-2021-22924
db:JVNDBid:JVNDB-2021-009762
db:PACKETSTORMid:166714
db:PACKETSTORMid:169318
db:PACKETSTORMid:163637
db:PACKETSTORMid:164221
db:PACKETSTORMid:164342
db:PACKETSTORMid:164282
db:PACKETSTORMid:164948
db:CNNVDid:CNNVD-202107-1569
db:NVDid:CVE-2021-22924

LAST UPDATE DATE

2025-04-21T22:11:06.243000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381398date:2022-10-28T00:00:00
db:JVNDBid:JVNDB-2021-009762date:2023-02-20T06:10:00
db:CNNVDid:CNNVD-202107-1569date:2023-06-05T00:00:00
db:NVDid:CVE-2021-22924date:2024-03-27T15:11:45.923

SOURCES RELEASE DATE

db:VULHUBid:VHN-381398date:2021-08-05T00:00:00
db:JVNDBid:JVNDB-2021-009762date:2022-05-19T00:00:00
db:PACKETSTORMid:166714date:2022-04-13T22:20:44
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:PACKETSTORMid:163637date:2021-07-22T23:15:11
db:PACKETSTORMid:164221date:2021-09-21T15:40:44
db:PACKETSTORMid:164342date:2021-09-30T16:27:16
db:PACKETSTORMid:164282date:2021-09-24T15:49:04
db:PACKETSTORMid:164948date:2021-11-12T17:01:04
db:CNNVDid:CNNVD-202107-1569date:2021-07-21T00:00:00
db:NVDid:CVE-2021-22924date:2021-08-05T21:15:11.380