ID

VAR-202109-1790


CVE

CVE-2021-22946


TITLE

libcurl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

DESCRIPTION

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183. Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623 FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976 Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t) System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes) UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158 VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17 xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance. Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance. Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. Local Authentication We would like to acknowledge an anonymous researcher for their assistance. Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance. Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary: An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924) * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. ========================================================================= Ubuntu Security Notice USN-5079-4 September 21, 2021 curl regression ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: USN-5079-2 introduced a regression in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm2 libcurl3 7.47.0-1ubuntu2.19+esm2 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm2 libcurl3-nss 7.47.0-1ubuntu2.19+esm2 Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm9 libcurl3 7.35.0-1ubuntu2.20+esm9 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm9 libcurl3-nss 7.35.0-1ubuntu2.20+esm9 In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1858 - OpenShift Alerting Rules Style-Guide Compliance LOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server 6. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.4.0 General Availability release images, which fix several bugs and security issues. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.4/html/release_notes/ Security fixes: * CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method * CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack * CVE-2021-32627: redis: Integer overflow issue with Streams * CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure * CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser * CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request * CVE-2021-32687: redis: Integer overflow issue with intsets * CVE-2021-32690: helm: information disclosure vulnerability * CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite * CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite * CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name * CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow * CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings * CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function * CVE-2021-41099: redis: Integer overflow issue with strings Bug fixes: * RFE ACM Application management UI doesn't reflect object status (Bugzilla #1965321) * RHACM 2.4 files (Bugzilla #1983663) * Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366) * submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla #1994668) * ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915) * InfraEnv condition does not reflect the actual error message (Bugzilla #2009204, 2010030) * Flaky test point to a nil pointer conditions list (Bugzilla #2010175) * InfraEnv status shows 'Failed to create image: internal error (Bugzilla #2010272) * subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla #2013157) * pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1965321 - RFE ACM Application management UI doesn't reflect object status 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1983663 - RHACM 2.4.0 images 1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite 1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite 1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot 1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb 2003915 - pre-network-manager-config failed due to timeout when static config is used 2009204 - InfraEnv condition does not reflect the actual error message 2010030 - InfraEnv condition does not reflect the actual error message 2010175 - Flaky test point to a nil pointer conditions list 2010272 - InfraEnv status shows 'Failed to create image: internal error 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks 2014084 - pre-network-manager-config failed due to timeout when static config is used 5. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages

Trust: 1.71

sources: NVD: CVE-2021-22946 // VULHUB: VHN-381420 // PACKETSTORM: 166319 // PACKETSTORM: 166714 // PACKETSTORM: 166112 // PACKETSTORM: 164171 // PACKETSTORM: 164230 // PACKETSTORM: 164993 // PACKETSTORM: 164948 // PACKETSTORM: 169318

AFFECTED PRODUCTS

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:1.15.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:1.10.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.26

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:22.1.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:5.7.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:1.8.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:haxxmodel:curlscope:gteversion:7.20.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.11.0

Trust: 1.0

vendor:netappmodel:solidfire baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:haxxmodel:curlscope:ltversion:7.79.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.0

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.35

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:1.15.1

Trust: 1.0

vendor:oraclemodel:commerce guided searchscope:eqversion:11.3.2

Trust: 1.0

sources: NVD: CVE-2021-22946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22946
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202109-997
value: HIGH

Trust: 0.6

VULHUB: VHN-381420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22946
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-381420
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22946
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-381420 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-325

Trust: 1.0

sources: VULHUB: VHN-381420 // NVD: CVE-2021-22946

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 164171 // PACKETSTORM: 169318 // CNNVD: CNNVD-202109-997

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

PATCH

title:HAXX Haxx curl Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=178532

Trust: 0.6

sources: CNNVD: CNNVD-202109-997

EXTERNAL IDS

db:NVDid:CVE-2021-22946

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1334111

Trust: 1.7

db:PACKETSTORMid:164993

Trust: 0.8

db:PACKETSTORMid:166319

Trust: 0.8

db:PACKETSTORMid:164948

Trust: 0.8

db:PACKETSTORMid:166112

Trust: 0.8

db:PACKETSTORMid:165053

Trust: 0.7

db:PACKETSTORMid:165337

Trust: 0.7

db:PACKETSTORMid:165135

Trust: 0.7

db:PACKETSTORMid:164740

Trust: 0.7

db:PACKETSTORMid:165099

Trust: 0.7

db:PACKETSTORMid:165209

Trust: 0.7

db:PACKETSTORMid:170303

Trust: 0.7

db:PACKETSTORMid:166714

Trust: 0.7

db:PACKETSTORMid:169318

Trust: 0.7

db:CS-HELPid:SB2021111512

Trust: 0.6

db:CS-HELPid:SB2021101006

Trust: 0.6

db:CS-HELPid:SB2021092301

Trust: 0.6

db:CS-HELPid:SB2022062007

Trust: 0.6

db:CS-HELPid:SB2022011905

Trust: 0.6

db:CS-HELPid:SB2022071832

Trust: 0.6

db:CS-HELPid:SB2022042261

Trust: 0.6

db:CS-HELPid:SB2021091514

Trust: 0.6

db:CS-HELPid:SB2022031433

Trust: 0.6

db:CS-HELPid:SB2021110316

Trust: 0.6

db:CS-HELPid:SB2021091715

Trust: 0.6

db:CS-HELPid:SB2022022222

Trust: 0.6

db:CS-HELPid:SB2021091601

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:PACKETSTORMid:164220

Trust: 0.6

db:PACKETSTORMid:164172

Trust: 0.6

db:AUSCERTid:ESB-2021.3260

Trust: 0.6

db:AUSCERTid:ESB-2022.4266

Trust: 0.6

db:AUSCERTid:ESB-2021.3215

Trust: 0.6

db:AUSCERTid:ESB-2021.4172

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:AUSCERTid:ESB-2021.3934

Trust: 0.6

db:AUSCERTid:ESB-2021.3979

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2021.3658

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.4095

Trust: 0.6

db:AUSCERTid:ESB-2022.3022

Trust: 0.6

db:AUSCERTid:ESB-2021.3392

Trust: 0.6

db:AUSCERTid:ESB-2022.1637

Trust: 0.6

db:AUSCERTid:ESB-2022.1837

Trust: 0.6

db:AUSCERTid:ESB-2021.3119.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3349

Trust: 0.6

db:AUSCERTid:ESB-2021.3119

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.4280

Trust: 0.6

db:CNNVDid:CNNVD-202109-997

Trust: 0.6

db:VULHUBid:VHN-381420

Trust: 0.1

db:PACKETSTORMid:164171

Trust: 0.1

db:PACKETSTORMid:164230

Trust: 0.1

sources: VULHUB: VHN-381420 // PACKETSTORM: 166319 // PACKETSTORM: 166714 // PACKETSTORM: 166112 // PACKETSTORM: 164171 // PACKETSTORM: 164230 // PACKETSTORM: 164993 // PACKETSTORM: 164948 // PACKETSTORM: 169318 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20211029-0003/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220121-0008/

Trust: 1.7

url:https://support.apple.com/kb/ht213183

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5197

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/mar/29

Trust: 1.7

url:https://security.gentoo.org/glsa/202212-01

Trust: 1.7

url:https://hackerone.com/reports/1334111

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 1.4

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042261

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3349

Trust: 0.6

url:https://packetstormsecurity.com/files/170303/gentoo-linux-security-advisory-202212-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111512

Trust: 0.6

url:https://packetstormsecurity.com/files/165337/red-hat-security-advisory-2021-5191-02.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-man-in-the-middle-via-protocol-downgrade-36418

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3392

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6510176

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4280

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022222

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3119

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110316

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062007

Trust: 0.6

url:https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164172/ubuntu-security-notice-usn-5079-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4266

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1837

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1637

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101006

Trust: 0.6

url:https://packetstormsecurity.com/files/164740/red-hat-security-advisory-2021-4059-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164220/ubuntu-security-notice-usn-5079-3.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527796

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091514

Trust: 0.6

url:https://support.apple.com/en-us/ht213183

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091715

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3215

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3022

Trust: 0.6

url:https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071832

Trust: 0.6

url:https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031433

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://packetstormsecurity.com/files/166112/red-hat-security-advisory-2022-0635-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3979

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3658

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011905

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092301

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3934

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091601

Trust: 0.6

url:https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3119.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3260

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5079-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0156

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0158

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22600

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22582

Trust: 0.1

url:https://support.apple.com/ht213183.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1354

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0635

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5079-4

Trust: 0.1

url:https://launchpad.net/bugs/1944120

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23369

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4628

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

sources: VULHUB: VHN-381420 // PACKETSTORM: 166319 // PACKETSTORM: 166714 // PACKETSTORM: 166112 // PACKETSTORM: 164171 // PACKETSTORM: 164230 // PACKETSTORM: 164993 // PACKETSTORM: 164948 // PACKETSTORM: 169318 // CNNVD: CNNVD-202109-997 // NVD: CVE-2021-22946

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166714 // PACKETSTORM: 166112 // PACKETSTORM: 164993 // PACKETSTORM: 164948

SOURCES

db:VULHUBid:VHN-381420
db:PACKETSTORMid:166319
db:PACKETSTORMid:166714
db:PACKETSTORMid:166112
db:PACKETSTORMid:164171
db:PACKETSTORMid:164230
db:PACKETSTORMid:164993
db:PACKETSTORMid:164948
db:PACKETSTORMid:169318
db:CNNVDid:CNNVD-202109-997
db:NVDid:CVE-2021-22946

LAST UPDATE DATE

2024-11-07T20:31:45.661000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381420date:2023-01-05T00:00:00
db:CNNVDid:CNNVD-202109-997date:2023-06-05T00:00:00
db:NVDid:CVE-2021-22946date:2024-03-27T15:12:52.090

SOURCES RELEASE DATE

db:VULHUBid:VHN-381420date:2021-09-29T00:00:00
db:PACKETSTORMid:166319date:2022-03-15T15:49:02
db:PACKETSTORMid:166714date:2022-04-13T22:20:44
db:PACKETSTORMid:166112date:2022-02-23T13:41:41
db:PACKETSTORMid:164171date:2021-09-15T15:27:42
db:PACKETSTORMid:164230date:2021-09-21T15:49:35
db:PACKETSTORMid:164993date:2021-11-17T15:07:42
db:PACKETSTORMid:164948date:2021-11-12T17:01:04
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:CNNVDid:CNNVD-202109-997date:2021-09-15T00:00:00
db:NVDid:CVE-2021-22946date:2021-09-29T20:15:08.187