ID

VAR-202112-1608


CVE

CVE-2021-44790


TITLE

Apache HTTP Server buffer overflow vulnerability (CNVD-2021-102386)

Trust: 0.6

sources: CNVD: CNVD-2021-102386

DESCRIPTION

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. There is a buffer overflow vulnerability in Apache HTTP Server, which originates from the r:parsebody of the product failing to correctly determine the user boundary. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 7.6) - noarch, x86_64 3. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2021-44790 // CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // PACKETSTORM: 165587 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 166576 // PACKETSTORM: 166051 // PACKETSTORM: 165747 // PACKETSTORM: 165745 // PACKETSTORM: 167188 // PACKETSTORM: 168072

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-102386

AFFECTED PRODUCTS

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:lteversion:9.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.4

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.51

Trust: 1.0

vendor:tenablemodel:tenable.scscope:ltversion:5.20.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.3

Trust: 1.0

vendor:oraclemodel:communications element managerscope:lteversion:9.0

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.4

Trust: 1.0

vendor:tenablemodel:tenable.scscope:gteversion:5.16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:lteversion:9.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:<=2.4.51

Trust: 0.6

sources: CNVD: CNVD-2021-102386 // NVD: CVE-2021-44790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44790
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2021-102386
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-1579
value: CRITICAL

Trust: 0.6

VULHUB: VHN-408105
value: HIGH

Trust: 0.1

VULMON: CVE-2021-44790
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-44790
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-102386
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-408105
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-44790
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // CNNVD: CNNVD-202112-1579 // NVD: CVE-2021-44790

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-408105 // NVD: CVE-2021-44790

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 168072 // CNNVD: CNNVD-202112-1579

TYPE

overflow

Trust: 0.6

sources: PACKETSTORM: 165587 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 166576 // PACKETSTORM: 165747 // PACKETSTORM: 165745

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-408105

PATCH

title:Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2021-102386)url:https://www.cnvd.org.cn/patchInfo/show/310311

Trust: 0.6

title:Apache HTTP Server Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=175754

Trust: 0.6

title:Red Hat: Important: httpd:2.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220288 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd24-httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220303 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221137 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220682 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221136 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221138 - Security Advisory

Trust: 0.1

title:Red Hat: Important: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221139 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5035-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=eed1e8ea40feda10ee18daa68a3c5b5a

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1560url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1560

Trust: 0.1

title:Red Hat: CVE-2021-44790url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-44790

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1737url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1737

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-018url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-018

Trust: 0.1

title:Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202201.1url:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-03

Trust: 0.1

title:Tenable Security Advisories: [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-01

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220580 - Security Advisory

Trust: 0.1

title:Apple: macOS Monterey 12.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619

Trust: 0.1

title:-CVE-2021-44790url:https://github.com/nuPacaChi/-CVE-2021-44790

Trust: 0.1

title:SnykDeskurl:https://github.com/cretlaw/SnykDesk

Trust: 0.1

title:emo_emourl:https://github.com/emotest1/emo_emo

Trust: 0.1

title:PROJET TUTEUREurl:https://github.com/PierreChrd/py-projet-tut

Trust: 0.1

title:Tier 0 Tier 1 Tier 2url:https://github.com/Totes5706/TotesHTB

Trust: 0.1

title:Requirements vulnsearch-cve Usage vulnsearch Usage Test Sampleurl:https://github.com/kasem545/vulnsearch

Trust: 0.1

title:Skyneturl:https://github.com/bioly230/THM_Skynet

Trust: 0.1

title:Shodan Search Scripturl:https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

sources: CNVD: CNVD-2021-102386 // VULMON: CVE-2021-44790 // CNNVD: CNNVD-202112-1579

EXTERNAL IDS

db:NVDid:CVE-2021-44790

Trust: 3.3

db:TENABLEid:TNS-2022-01

Trust: 1.8

db:TENABLEid:TNS-2022-03

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2021/12/20/4

Trust: 1.8

db:PACKETSTORMid:171631

Trust: 1.7

db:PACKETSTORMid:165587

Trust: 0.8

db:PACKETSTORMid:165747

Trust: 0.8

db:PACKETSTORMid:168072

Trust: 0.8

db:CNVDid:CNVD-2021-102386

Trust: 0.7

db:PACKETSTORMid:167189

Trust: 0.7

db:PACKETSTORMid:166154

Trust: 0.7

db:PACKETSTORMid:165467

Trust: 0.7

db:PACKETSTORMid:165501

Trust: 0.7

db:PACKETSTORMid:165710

Trust: 0.7

db:ICS CERTid:ICSA-22-132-02

Trust: 0.7

db:PACKETSTORMid:166583

Trust: 0.7

db:AUSCERTid:ESB-2022.0135

Trust: 0.6

db:AUSCERTid:ESB-2022.0716

Trust: 0.6

db:AUSCERTid:ESB-2022.0836

Trust: 0.6

db:AUSCERTid:ESB-2022.0039

Trust: 0.6

db:AUSCERTid:ESB-2022.0217

Trust: 0.6

db:AUSCERTid:ESB-2022.0686

Trust: 0.6

db:AUSCERTid:ESB-2022.2352

Trust: 0.6

db:AUSCERTid:ESB-2022.0064

Trust: 0.6

db:AUSCERTid:ESB-2022.2411

Trust: 0.6

db:AUSCERTid:ESB-2022.0850

Trust: 0.6

db:AUSCERTid:ESB-2022.0354

Trust: 0.6

db:AUSCERTid:ESB-2022.0171

Trust: 0.6

db:AUSCERTid:ESB-2022.0396

Trust: 0.6

db:CS-HELPid:SB2022051316

Trust: 0.6

db:CS-HELPid:SB2022042265

Trust: 0.6

db:CS-HELPid:SB2022030119

Trust: 0.6

db:CS-HELPid:SB2022051703

Trust: 0.6

db:CS-HELPid:SB2021122021

Trust: 0.6

db:CS-HELPid:SB2022060706

Trust: 0.6

db:CS-HELPid:SB2022012517

Trust: 0.6

db:CS-HELPid:SB2022010513

Trust: 0.6

db:CS-HELPid:SB2022012334

Trust: 0.6

db:CS-HELPid:SB2022010609

Trust: 0.6

db:CS-HELPid:SB2022011749

Trust: 0.6

db:CS-HELPid:SB2022021427

Trust: 0.6

db:CS-HELPid:SB2022012003

Trust: 0.6

db:CS-HELPid:SB2022060811

Trust: 0.6

db:CS-HELPid:SB2022012639

Trust: 0.6

db:EXPLOIT-DBid:51193

Trust: 0.6

db:CNNVDid:CNNVD-202112-1579

Trust: 0.6

db:PACKETSTORMid:165745

Trust: 0.2

db:PACKETSTORMid:167188

Trust: 0.2

db:PACKETSTORMid:167186

Trust: 0.1

db:VULHUBid:VHN-408105

Trust: 0.1

db:VULMONid:CVE-2021-44790

Trust: 0.1

db:PACKETSTORMid:166579

Trust: 0.1

db:PACKETSTORMid:166576

Trust: 0.1

db:PACKETSTORMid:166051

Trust: 0.1

sources: CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // PACKETSTORM: 165587 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 166576 // PACKETSTORM: 166051 // PACKETSTORM: 165747 // PACKETSTORM: 165745 // PACKETSTORM: 167188 // PACKETSTORM: 168072 // CNNVD: CNNVD-202112-1579 // NVD: CVE-2021-44790

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 2.0

url:https://www.debian.org/security/2022/dsa-5035

Trust: 1.9

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.9

url:https://support.apple.com/kb/ht213255

Trust: 1.8

url:https://support.apple.com/kb/ht213256

Trust: 1.8

url:https://support.apple.com/kb/ht213257

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20211224-0001/

Trust: 1.8

url:https://www.tenable.com/security/tns-2022-01

Trust: 1.8

url:https://www.tenable.com/security/tns-2022-03

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/38

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/33

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2021/12/20/4

Trust: 1.8

url:http://packetstormsecurity.com/files/171631/apache-2.4.x-buffer-overflow.html

Trust: 1.7

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-44790

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0686

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051316

Trust: 0.6

url:https://packetstormsecurity.com/files/166583/red-hat-security-advisory-2022-1137-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010609

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030119

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042265

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0064

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021427

Trust: 0.6

url:https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060706

Trust: 0.6

url:https://packetstormsecurity.com/files/165710/red-hat-security-advisory-2022-0258-02.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165501/ubuntu-security-notice-usn-5212-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012517

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012639

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0716

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0836

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2352

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0217

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2411

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0039

Trust: 0.6

url:https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012334

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0135

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0850

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0354

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051703

Trust: 0.6

url:https://packetstormsecurity.com/files/165747/red-hat-security-advisory-2022-0303-02.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0396

Trust: 0.6

url:https://www.exploit-db.com/exploits/51193

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0171

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060811

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-http-server-buffer-overflow-via-mod-lua-multipart-content-37112

Trust: 0.6

url:https://packetstormsecurity.com/files/166154/red-hat-security-advisory-2022-0682-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165467/ubuntu-security-notice-usn-5212-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122021

Trust: 0.6

url:https://support.apple.com/en-us/ht213256

Trust: 0.6

url:https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012003

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-22720

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:0288

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/nupacachi/-cve-2021-44790

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34798

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0143

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1137

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1138

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24348

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0303

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22674

Trust: 0.1

url:https://support.apple.com/ht213256.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0530

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26706

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4166

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

sources: CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // PACKETSTORM: 165587 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 166576 // PACKETSTORM: 166051 // PACKETSTORM: 165747 // PACKETSTORM: 165745 // PACKETSTORM: 167188 // PACKETSTORM: 168072 // CNNVD: CNNVD-202112-1579 // NVD: CVE-2021-44790

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165587 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 166576 // PACKETSTORM: 166051 // PACKETSTORM: 165747 // PACKETSTORM: 165745

SOURCES

db:CNVDid:CNVD-2021-102386
db:VULHUBid:VHN-408105
db:VULMONid:CVE-2021-44790
db:PACKETSTORMid:165587
db:PACKETSTORMid:166583
db:PACKETSTORMid:166579
db:PACKETSTORMid:166576
db:PACKETSTORMid:166051
db:PACKETSTORMid:165747
db:PACKETSTORMid:165745
db:PACKETSTORMid:167188
db:PACKETSTORMid:168072
db:CNNVDid:CNNVD-202112-1579
db:NVDid:CVE-2021-44790

LAST UPDATE DATE

2024-11-07T20:50:00.964000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-102386date:2021-12-27T00:00:00
db:VULHUBid:VHN-408105date:2022-11-02T00:00:00
db:VULMONid:CVE-2021-44790date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202112-1579date:2023-04-04T00:00:00
db:NVDid:CVE-2021-44790date:2023-11-07T03:39:43.780

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-102386date:2021-12-24T00:00:00
db:VULHUBid:VHN-408105date:2021-12-20T00:00:00
db:VULMONid:CVE-2021-44790date:2021-12-20T00:00:00
db:PACKETSTORMid:165587date:2022-01-17T16:53:40
db:PACKETSTORMid:166583date:2022-04-04T14:36:52
db:PACKETSTORMid:166579date:2022-04-04T14:33:43
db:PACKETSTORMid:166576date:2022-04-04T14:30:33
db:PACKETSTORMid:166051date:2022-02-18T16:37:39
db:PACKETSTORMid:165747date:2022-01-27T14:43:52
db:PACKETSTORMid:165745date:2022-01-27T14:41:16
db:PACKETSTORMid:167188date:2022-05-17T16:59:42
db:PACKETSTORMid:168072date:2022-08-15T16:02:48
db:CNNVDid:CNNVD-202112-1579date:2021-12-20T00:00:00
db:NVDid:CVE-2021-44790date:2021-12-20T12:15:07.440