ID

VAR-202109-1966


CVE

CVE-2021-3733


TITLE

Python Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

DESCRIPTION

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS.

In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619)

The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

An improperly handled HTTP response in the HTTP client code of Python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. (CVE-2021-3737)

ftplib should not use the host from the PASV response (CVE-2021-4189)

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \r and \n in the URL path.
This flaw allows a malicious user to input a crafted URL, leading to injection attacks. (CVE-2022-0391).

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python39:3.9 and python39-devel:3.9 security update
Advisory ID: RHSA-2021:4160-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4160
Issue date: 2021-11-09
CVE Names: CVE-2021-3426 CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVE-2021-28957 CVE-2021-29921 CVE-2021-33503
====================================================================

1. Summary:

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Information disclosure via pydoc (CVE-2021-3426)
* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
* python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1935913 - CVE-2021-3426 python: Information disclosure via pydoc
1941534 - CVE-2021-28957 python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
1957458 - CVE-2021-29921 python-ipaddress: Improper input validation of octal strings
1962856 - CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references
1968074 - CVE-2021-33503 python-urllib3: ReDoS in the parsing of authority part of URL
1995162 - CVE-2021-3737 python: urllib: HTTP client possible infinite loop on a 100 Continue response
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8)
Red Hat Enterprise Linux CRB (v. 8)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-28957
https://access.redhat.com/security/cve/CVE-2021-29921
https://access.redhat.com/security/cve/CVE-2021-33503
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

==========================================================================
Ubuntu Security Notice USN-5200-1
December 17, 2021

python3.7, python3.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Python could be made to crash if it receives specially crafted input from a malicious server. (CVE-2020-8492) It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. (CVE-2021-3737)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2
  libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2
  python3.7 3.7.5-2ubuntu1~18.04.2
  python3.7-minimal 3.7.5-2ubuntu1~18.04.2
  python3.8 3.8.0-3ubuntu1~18.04.2
  python3.8-minimal 3.8.0-3ubuntu1~18.04.2

In general, a standard system update will make all the necessary changes.

An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. An attacker could possibly use this issue to cause a denial of service.

Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General Availability release images, which provide one or more container updates and bug fixes.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security fixes:

* CVE-2021-3795 semver-regex: inefficient regular expression complexity
* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747

Related bugs:

* RHACM 2.2.10 images (Bugzilla #2013652)

3. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1997017 - unprivileged client fails to get guest agent data
1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed
2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount
2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import
2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed
2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion
2007336 - 4.8.3 containers
2007776 - Failed to Migrate Windows VM with CDROM (readonly)
2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted
2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues
2026881 - [4.8.3] vlan-filtering is getting applied on veth ports

5. 8) - aarch64, ppc64le, s390x, x86_64

3. Bugs fixed (https://bugzilla.redhat.com/):

1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler

6

Trust: 1.71

sources: NVD: CVE-2021-3733 // VULHUB: VHN-397442 // VULMON: CVE-2021-3733 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741

AFFECTED PRODUCTS

vendor: python // model: python // scope: gte // version: 3.8.0

Trust: 1.0

vendor: redhat // model: enterprise linux eus // scope: eq // version: 8.4

Trust: 1.0

vendor: redhat // model: enterprise linux for ibm z systems // scope: eq // version: 8.0

Trust: 1.0

vendor: python // model: python // scope: gte // version: 3.7.0

Trust: 1.0

vendor: redhat // model: enterprise linux server update services for sap solutions // scope: eq // version: 8.4

Trust: 1.0

vendor: fedoraproject // model: extra packages for enterprise linux // scope: eq // version: 7.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 36

Trust: 1.0

vendor: netapp // model: solidfire, enterprise sds & hci storage node // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: codeready linux builder for power little endian // scope: eq // version: 8.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 34

Trust: 1.0

vendor: python // model: python // scope: gte // version: 3.9.0

Trust: 1.0

vendor: redhat // model: enterprise linux for power little endian eus // scope: eq // version: 8.4

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 35

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 8.0

Trust: 1.0

vendor: netapp // model: management services for element software and netapp hci // scope: eq // version: -

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.6.14

Trust: 1.0

vendor: redhat // model: codeready linux builder // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux server aus // scope: eq // version: 8.4

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.7.11

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.9.5

Trust: 1.0

vendor: redhat // model: enterprise linux for ibm z systems eus // scope: eq // version: 8.4

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.8.10

Trust: 1.0

vendor: redhat // model: enterprise linux server for power little endian update services for sap solutions // scope: eq // version: 8.4

Trust: 1.0

vendor: redhat // model: enterprise linux server tus // scope: eq // version: 8.4

Trust: 1.0

vendor: python // model: python // scope: eq // version: 3.10.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 33

Trust: 1.0

vendor: redhat // model: enterprise linux for power little endian // scope: eq // version: 8.0

Trust: 1.0

vendor: netapp // model: hci compute node // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: ontap select deploy administration utility // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: codeready linux builder for ibm z systems // scope: eq // version: 8.0

Trust: 1.0

sources: NVD: CVE-2021-3733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3733
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202109-1139
value: MEDIUM

Trust: 0.6

VULHUB: VHN-397442
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-3733
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-3733
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-397442
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-3733
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-397442 // VULMON: CVE-2021-3733 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

sources: VULHUB: VHN-397442 // NVD: CVE-2021-3733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

PATCH

title:SUSE Linux Enterprise Server Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=171073

Trust: 0.6

title:Red Hat: Moderate: python27-python and python27-python-pip security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221663 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: python27:2.7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221821 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=9d831a6a306a903e583b6a76777d1085

Trust: 0.1

title: Amazon Linux AMI: ALAS-2022-1593
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1593

Trust: 0.1

title: Amazon Linux 2: ALAS2-2022-1802
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1802

Trust: 0.1

title: IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=cbece86f0c3bef5a678f2bb3dbbb854b

Trust: 0.1

title: Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220056 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2021-3733 // CNNVD: CNNVD-202109-1139

EXTERNAL IDS

db: NVD, id: CVE-2021-3733

Trust: 2.5

db: PACKETSTORM, id: 165363

Trust: 0.8

db: PACKETSTORM, id: 164741

Trust: 0.8

db: PACKETSTORM, id: 164859

Trust: 0.8

db: PACKETSTORM, id: 164948

Trust: 0.7

db: PACKETSTORM, id: 165053

Trust: 0.7

db: PACKETSTORM, id: 167043

Trust: 0.7

db: PACKETSTORM, id: 164993

Trust: 0.7

db: CNNVD, id: CNNVD-202109-1139

Trust: 0.7

db: PACKETSTORM, id: 164190

Trust: 0.7

db: AUSCERT, id: ESB-2021.4095

Trust: 0.6

db: AUSCERT, id: ESB-2023.3774

Trust: 0.6

db: AUSCERT, id: ESB-2021.3941

Trust: 0.6

db: AUSCERT, id: ESB-2022.1025

Trust: 0.6

db: AUSCERT, id: ESB-2023.3839

Trust: 0.6

db: AUSCERT, id: ESB-2021.4292

Trust: 0.6

db: AUSCERT, id: ESB-2021.4172

Trust: 0.6

db: AUSCERT, id: ESB-2021.3659

Trust: 0.6

db: AUSCERT, id: ESB-2021.3138

Trust: 0.6

db: AUSCERT, id: ESB-2022.2021

Trust: 0.6

db: AUSCERT, id: ESB-2021.3979

Trust: 0.6

db: AUSCERT, id: ESB-2021.3700

Trust: 0.6

db: AUSCERT, id: ESB-2021.3813

Trust: 0.6

db: AUSCERT, id: ESB-2021.4307

Trust: 0.6

db: AUSCERT, id: ESB-2021.3589

Trust: 0.6

db: AUSCERT, id: ESB-2021.4238

Trust: 0.6

db: AUSCERT, id: ESB-2021.3519

Trust: 0.6

db: AUSCERT, id: ESB-2022.0245

Trust: 0.6

db: AUSCERT, id: ESB-2021.3878

Trust: 0.6

db: CS-HELP, id: SB2022051144

Trust: 0.6

db: CS-HELP, id: SB2022070422

Trust: 0.6

db: CS-HELP, id: SB2022061211

Trust: 0.6

db: CS-HELP, id: SB2021122214

Trust: 0.6

db: CS-HELP, id: SB2022050235

Trust: 0.6

db: CS-HELP, id: SB2021112309

Trust: 0.6

db: PACKETSTORM, id: 166913

Trust: 0.6

db: PACKETSTORM, id: 165361

Trust: 0.2

db: PACKETSTORM, id: 165008

Trust: 0.1

db: PACKETSTORM, id: 165337

Trust: 0.1

db: PACKETSTORM, id: 167023

Trust: 0.1

db: VULHUB, id: VHN-397442

Trust: 0.1

db: VULMON, id: CVE-2021-3733

Trust: 0.1

db: PACKETSTORM, id: 165209

Trust: 0.1

db: PACKETSTORM, id: 165135

Trust: 0.1

sources: VULHUB: VHN-397442 // VULMON: CVE-2021-3733 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220407-0001/

Trust: 1.8

url:https://bugs.python.org/issue43075

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1995234

Trust: 1.8

url:https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb

Trust: 1.8

url:https://github.com/python/cpython/pull/24391

Trust: 1.8

url:https://ubuntu.com/security/cve-2021-3733

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Trust: 1.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021112309

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3839

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122214

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-3733/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3138

Trust: 0.6

url:https://packetstormsecurity.com/files/164859/red-hat-security-advisory-2021-4160-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051144

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022050235

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070422

Trust: 0.6

url:https://packetstormsecurity.com/files/167043/red-hat-security-advisory-2022-1821-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164741/red-hat-security-advisory-2021-4057-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3659

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3813

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3979

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://packetstormsecurity.com/files/164190/ubuntu-security-notice-usn-5083-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3519

Trust: 0.6

url:https://packetstormsecurity.com/files/166913/red-hat-security-advisory-2022-1663-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4307

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3774

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3941

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4238

Trust: 0.6

url:https://packetstormsecurity.com/files/165363/ubuntu-security-notice-usn-5199-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3589

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022061211

Trust: 0.6

url:https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2021

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4292

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3737

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1663

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-vulnerable-to-multiple-issues-to-due-ibm-cognos-analystics-cve-2022-4160-cve-2021-3733/

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1593.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28957

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33503

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29921

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28957

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29921

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8492

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5200-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5199-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5083-1

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3795

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23440

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4057

Trust: 0.1

sources: VULHUB: VHN-397442 // VULMON: CVE-2021-3733 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 164859 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741

SOURCES

db: VULHUB, id: VHN-397442
db: VULMON, id: CVE-2021-3733
db: PACKETSTORM, id: 164859
db: PACKETSTORM, id: 165361
db: PACKETSTORM, id: 165363
db: PACKETSTORM, id: 164190
db: PACKETSTORM, id: 165209
db: PACKETSTORM, id: 165135
db: PACKETSTORM, id: 164741
db: CNNVD, id: CNNVD-202109-1139
db: NVD, id: CVE-2021-3733

LAST UPDATE DATE

2024-12-21T19:39:45.870000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-397442, date: 2022-10-26T00:00:00
db: VULMON, id: CVE-2021-3733, date: 2022-10-26T00:00:00
db: CNNVD, id: CNNVD-202109-1139, date: 2023-07-10T00:00:00
db: NVD, id: CVE-2021-3733, date: 2024-11-21T06:22:16.753

SOURCES RELEASE DATE

db: VULHUB, id: VHN-397442, date: 2022-03-10T00:00:00
db: VULMON, id: CVE-2021-3733, date: 2022-03-10T00:00:00
db: PACKETSTORM, id: 164859, date: 2021-11-10T17:08:07
db: PACKETSTORM, id: 165361, date: 2021-12-17T19:23:35
db: PACKETSTORM, id: 165363, date: 2021-12-17T19:23:51
db: PACKETSTORM, id: 164190, date: 2021-09-17T16:02:38
db: PACKETSTORM, id: 165209, date: 2021-12-09T14:50:37
db: PACKETSTORM, id: 165135, date: 2021-12-03T16:41:45
db: PACKETSTORM, id: 164741, date: 2021-11-02T15:33:39
db: CNNVD, id: CNNVD-202109-1139, date: 2021-09-17T00:00:00
db: NVD, id: CVE-2021-3733, date: 2022-03-10T17:42:59.623