ID

VAR-202109-1790


CVE

CVE-2021-22946


TITLE

libcurl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

DESCRIPTION

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat 3scale API Management 2.11.1 Release - Container Images Advisory ID: RHSA-2021:5191-01 Product: 3scale API Management Advisory URL: https://access.redhat.com/errata/RHSA-2021:5191 Issue date: 2021-12-16 CVE Names: CVE-2020-26247 CVE-2020-36385 CVE-2021-0512 CVE-2021-3656 CVE-2021-3733 CVE-2021-22946 CVE-2021-22947 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 ==================================================================== 1. Summary: Red Hat 3scale API Management 2.11.1 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability listed as CVE link(s) in the References section. 2. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Security Fix(es): * rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema 5. JIRA issues fixed (https://issues.jboss.org/): THREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan THREESCALE-6879 - [3scale][2.11][HI-prio] Add 'Create new Application' flow to Product > Applications index THREESCALE-7030 - Address scalability in 'Create new Application' form THREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes THREESCALE-7475 - Some api calls result in "Destroying user session" THREESCALE-7488 - Ability to add external Lua dependencies for custom policies THREESCALE-7573 - Enable proxy environment variables via the APICAST CRD THREESCALE-7605 - type change of "policies_config" in /admin/api/services/{service_id}/proxy.json THREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO THREESCALE-7644 - Metrics: Service for 3scale operator is missing THREESCALE-7646 - Cleanup/refactor Products and Backends index logic THREESCALE-7648 - Remove "#context-menu" from the url THREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm THREESCALE-7731 - Reenable operator metrics service for apicast-operator THREESCALE-7761 - 3scale Operator doesn't respect *_proxy env vars THREESCALE-7765 - Remove MessageBus from System THREESCALE-7834 - admin can't create application when developer is not allowed to pick a plan THREESCALE-7863 - Update some Obsolete API's in 3scale_v2.js THREESCALE-7884 - Service top application endpoint is not working properly THREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error THREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector 6. References: https://access.redhat.com/security/cve/CVE-2020-26247 https://access.redhat.com/security/cve/CVE-2020-36385 https://access.redhat.com/security/cve/CVE-2021-0512 https://access.redhat.com/security/cve/CVE-2021-3656 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYbuXa9zjgjWX9erEAQhd9Q//SJfXxXPd+XV62WY6XMuzYpkSq0yoDhyj pwNuCSIj9Ck1hF+Us/bbkFuzrvjBBhThUnLDQtKchYvFWW+cXJCqPB8ZxIb1j2O6 RjSp6AwRJY19YKnykd0TdF7fMZYvEX2KaZDfYMIVJ6KKS/E7XvvJHdoVxCSFc5/q aZYfVafzxRF5EgaPTD5Lnwke5omsSYvyOhzR5oSTs0UZHq/3V7q/7SofhTRMBA3y V8S/yrEdVUfmDeQMi4NXMbUg3/EdqpnBvP7Vp9eLvFYHcYrM1xbxZg+OVnBhCX72 Ps8uzfCd4/G1nbhGeh5PtSHeTbm0yTw9/ugSWdoaYkGG1vXVQFdt1oz+uuhUu0fy w+Ng3ef+4JYoJxWcLp7X7eFm1MmRDSntRib/zGB3TWq9LoASFf//tjSIEag80nk3 26Mmu43nP3FEJvdUmtIbDVXmuTjZLCY15VAHCaDWkLZpkfAX2FaldErBPiRciUfX v+d/Y59luKUahGwxMqZ6KzofSnouUZncIy6xxb5d4LDHPwGPdwkHmgQXy/zsAz8P 5/AN8C54TcFErMe2MDm+EC2l2425Wgum4BqPnvBafFwe0QY8+uJdJwgLKkcJaW/U BOOf9ahxeiTcn2pgsFCEVUGT+c5GRWGgHZ6HEXBIsxbi4m/4U86qp4u3ZPAORvfe BW3AwasqEYc=QOAK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: USN-5079-1 introduced a regression in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16 In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5. Summary: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Background ========= A command line tool and library for transferring data with URLs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.86.0 >= 7.86.0 Description ========== Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0" References ========= [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.71

sources: NVD: CVE-2021-22946 // VULHUB: VHN-381420 // PACKETSTORM: 165337 // PACKETSTORM: 164171 // PACKETSTORM: 164220 // PACKETSTORM: 165135 // PACKETSTORM: 165099 // PACKETSTORM: 168011 // PACKETSTORM: 169318 // PACKETSTORM: 170303

AFFECTED PRODUCTS

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.15.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.26

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:22.1.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:5.7.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:1.8.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:haxxmodel:curlscope:gteversion:7.20.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.11.0

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:haxxmodel:curlscope:ltversion:7.79.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.0

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.35

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.1

Trust: 1.0

vendor:oraclemodel:commerce guided searchscope:eqversion:11.3.2

Trust: 1.0

sources: NVD: CVE-2021-22946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22946
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202109-997
value: HIGH

Trust: 0.6

VULHUB: VHN-381420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381420
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22946
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-381420 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-325

Trust: 1.0

sources: VULHUB: VHN-381420 // NVD: CVE-2021-22946

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 164171 // PACKETSTORM: 164220 // PACKETSTORM: 168011 // PACKETSTORM: 169318 // CNNVD: CNNVD-202109-997

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

PATCH

title:HAXX Haxx curl Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=178532

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

EXTERNAL IDS

db:NVDid:CVE-2021-22946

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1334111

Trust: 1.7

db:PACKETSTORMid:165337

Trust: 0.8

db:PACKETSTORMid:165135

Trust: 0.8

db:PACKETSTORMid:165099

Trust: 0.8

db:PACKETSTORMid:170303

Trust: 0.8

db:PACKETSTORMid:165053

Trust: 0.7

db:PACKETSTORMid:164993

Trust: 0.7

db:PACKETSTORMid:164740

Trust: 0.7

db:PACKETSTORMid:165209

Trust: 0.7

db:PACKETSTORMid:166319

Trust: 0.7

db:PACKETSTORMid:164948

Trust: 0.7

db:PACKETSTORMid:166112

Trust: 0.7

db:PACKETSTORMid:164220

Trust: 0.7

db:PACKETSTORMid:169318

Trust: 0.7

db:CS-HELPid:SB2021111512

Trust: 0.6

db:CS-HELPid:SB2021101006

Trust: 0.6

db:CS-HELPid:SB2021092301

Trust: 0.6

db:CS-HELPid:SB2022062007

Trust: 0.6

db:CS-HELPid:SB2022011905

Trust: 0.6

db:CS-HELPid:SB2022071832

Trust: 0.6

db:CS-HELPid:SB2022042261

Trust: 0.6

db:CS-HELPid:SB2021091514

Trust: 0.6

db:CS-HELPid:SB2022031433

Trust: 0.6

db:CS-HELPid:SB2021110316

Trust: 0.6

db:CS-HELPid:SB2021091715

Trust: 0.6

db:CS-HELPid:SB2022022222

Trust: 0.6

db:CS-HELPid:SB2021091601

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:PACKETSTORMid:166714

Trust: 0.6

db:PACKETSTORMid:164172

Trust: 0.6

db:AUSCERTid:ESB-2021.3260

Trust: 0.6

db:AUSCERTid:ESB-2022.4266

Trust: 0.6

db:AUSCERTid:ESB-2021.3215

Trust: 0.6

db:AUSCERTid:ESB-2021.4172

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:AUSCERTid:ESB-2021.3934

Trust: 0.6

db:AUSCERTid:ESB-2021.3979

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2021.3658

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.4095

Trust: 0.6

db:AUSCERTid:ESB-2022.3022

Trust: 0.6

db:AUSCERTid:ESB-2021.3392

Trust: 0.6

db:AUSCERTid:ESB-2022.1637

Trust: 0.6

db:AUSCERTid:ESB-2022.1837

Trust: 0.6

db:AUSCERTid:ESB-2021.3119.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3349

Trust: 0.6

db:AUSCERTid:ESB-2021.3119

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.4280

Trust: 0.6

db:CNNVDid:CNNVD-202109-997

Trust: 0.6

db:VULHUBid:VHN-381420

Trust: 0.1

db:PACKETSTORMid:164171

Trust: 0.1

db:PACKETSTORMid:168011

Trust: 0.1

sources: VULHUB: VHN-381420 // PACKETSTORM: 165337 // PACKETSTORM: 164171 // PACKETSTORM: 164220 // PACKETSTORM: 165135 // PACKETSTORM: 165099 // PACKETSTORM: 168011 // PACKETSTORM: 169318 // PACKETSTORM: 170303 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202212-01

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20211029-0003/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220121-0008/

Trust: 1.7

url:https://support.apple.com/kb/ht213183

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5197

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/mar/29

Trust: 1.7

url:https://hackerone.com/reports/1334111

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 1.3

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042261

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3349

Trust: 0.6

url:https://packetstormsecurity.com/files/170303/gentoo-linux-security-advisory-202212-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111512

Trust: 0.6

url:https://packetstormsecurity.com/files/165337/red-hat-security-advisory-2021-5191-02.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-man-in-the-middle-via-protocol-downgrade-36418

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3392

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6510176

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4280

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022222

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3119

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110316

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062007

Trust: 0.6

url:https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164172/ubuntu-security-notice-usn-5079-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4266

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1837

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1637

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101006

Trust: 0.6

url:https://packetstormsecurity.com/files/164740/red-hat-security-advisory-2021-4059-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164220/ubuntu-security-notice-usn-5079-3.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527796

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091514

Trust: 0.6

url:https://support.apple.com/en-us/ht213183

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091715

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3215

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3022

Trust: 0.6

url:https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071832

Trust: 0.6

url:https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031433

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://packetstormsecurity.com/files/166112/red-hat-security-advisory-2022-0635-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3979

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3658

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011905

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092301

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3934

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091601

Trust: 0.6

url:https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3119.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3260

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5079-1

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5191

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5079-3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.16

Trust: 0.1

url:https://launchpad.net/bugs/1944120

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9952

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30115

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

sources: VULHUB: VHN-381420 // PACKETSTORM: 165337 // PACKETSTORM: 164171 // PACKETSTORM: 164220 // PACKETSTORM: 165135 // PACKETSTORM: 165099 // PACKETSTORM: 168011 // PACKETSTORM: 169318 // PACKETSTORM: 170303 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 165337 // PACKETSTORM: 165135 // PACKETSTORM: 165099 // PACKETSTORM: 168011

SOURCES

db:VULHUBid:VHN-381420
db:PACKETSTORMid:165337
db:PACKETSTORMid:164171
db:PACKETSTORMid:164220
db:PACKETSTORMid:165135
db:PACKETSTORMid:165099
db:PACKETSTORMid:168011
db:PACKETSTORMid:169318
db:PACKETSTORMid:170303
db:CNNVDid:CNNVD-202109-997
db:NVDid:CVE-2021-22946

LAST UPDATE DATE

2024-11-20T21:50:11.043000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381420date:2023-01-05T00:00:00
db:CNNVDid:CNNVD-202109-997date:2023-06-05T00:00:00
db:NVDid:CVE-2021-22946date:2024-03-27T15:12:52.090

SOURCES RELEASE DATE

db:VULHUBid:VHN-381420date:2021-09-29T00:00:00
db:PACKETSTORMid:165337date:2021-12-17T14:04:30
db:PACKETSTORMid:164171date:2021-09-15T15:27:42
db:PACKETSTORMid:164220date:2021-09-21T15:39:10
db:PACKETSTORMid:165135date:2021-12-03T16:41:45
db:PACKETSTORMid:165099date:2021-11-30T14:44:48
db:PACKETSTORMid:168011date:2022-08-09T14:36:05
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:PACKETSTORMid:170303date:2022-12-19T13:48:31
db:CNNVDid:CNNVD-202109-997date:2021-09-15T00:00:00
db:NVDid:CVE-2021-22946date:2021-09-29T20:15:08.187