ID

VAR-202112-2539


CVE

CVE-2021-4193


TITLE

Vim Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2824

DESCRIPTION

vim is vulnerable to Out-of-bounds Read. SourceCoster Online Covid Vaccination Scheduler System is an application system of SourceCoster company. Effectively manage COVID-19 vaccinations with reliable vaccine planning and cohort management solutions. There is a cross-site scripting vulnerability in Sourcecodester Online Covid vaccine Scheduler Systemv1. The vulnerability stems from the lack of escaping or filtering of user data in the lid parameter of the software. (CVE-2022-0319). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183. Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623 FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976 Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t) System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes) UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158 VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17 xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance. Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance. Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. Local Authentication We would like to acknowledge an anonymous researcher for their assistance. Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance. Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE----- . Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security updates: * object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Related bugs: * RHACM 2.2.11 images (Bugzilla #2029508) * ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859) 3. Bugs fixed (https://bugzilla.redhat.com/): 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 5. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872) * vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * vim: use-after-free in win_linetabsize() (CVE-2021-4192) * vim: out-of-bound read in getvcol() (CVE-2021-4193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() in drawscreen.c 2028122 - CVE-2021-3984 vim: illegal memory access in find_start_brace() in cindent.c when C-indenting 2028212 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in help.c 2039685 - CVE-2021-4192 vim: use-after-free in win_linetabsize() 2039687 - CVE-2021-4193 vim: out-of-bound read in getvcol() 6. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update Advisory ID: RHSA-2022:0444-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0444 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content: 1. On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example: $ oc login -u system:admin 2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands: $ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done 3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands: $ oc -n openshift import-image redhat-sso74-openshift:1.0 4. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 5. JIRA issues fixed (https://issues.jboss.org/): CIAM-2060 - [log4j 1.x] RH-SSO 7.4.10 OCP images for x86 6. References: https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-4122 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/): 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed 6. ========================================================================== Ubuntu Security Notice USN-5458-1 June 02, 2022 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Vim. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm5 In general, a standard system update will make all the necessary changes

Trust: 1.62

sources: NVD: CVE-2021-4193 // VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // PACKETSTORM: 166319 // PACKETSTORM: 166309 // PACKETSTORM: 165813 // PACKETSTORM: 165917 // PACKETSTORM: 166179 // PACKETSTORM: 167368

AFFECTED PRODUCTS

vendor:vimmodel:vimscope:ltversion:8.2.3950

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2021-4193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-4193
value: MEDIUM

Trust: 1.0

security@huntr.dev: CVE-2021-4193
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202112-2824
value: MEDIUM

Trust: 0.6

VULHUB: VHN-410614
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-4193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-4193
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-410614
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-4193
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2021-4193
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // CNNVD: CNNVD-202112-2824 // NVD: CVE-2021-4193 // NVD: CVE-2021-4193

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-410614 // NVD: CVE-2021-4193

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2824

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2824

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-410614

PATCH

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220476 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220366 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-4193url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-4193

Trust: 0.1

title:Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220721 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5458-1: Vim vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5458-1

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220595 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220445 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220444 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220735 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1557url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1557

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1743url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1743

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-014url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-014

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2021-4193

EXTERNAL IDS

db:NVDid:CVE-2021-4193

Trust: 2.4

db:OPENWALLid:OSS-SECURITY/2022/01/15/1

Trust: 1.8

db:PACKETSTORMid:165813

Trust: 0.8

db:PACKETSTORMid:166179

Trust: 0.8

db:PACKETSTORMid:167368

Trust: 0.8

db:PACKETSTORMid:166319

Trust: 0.8

db:PACKETSTORMid:165930

Trust: 0.7

db:PACKETSTORMid:167188

Trust: 0.7

db:PACKETSTORMid:166204

Trust: 0.7

db:PACKETSTORMid:167789

Trust: 0.7

db:AUSCERTid:ESB-2022.3561

Trust: 0.6

db:AUSCERTid:ESB-2022.3002

Trust: 0.6

db:AUSCERTid:ESB-2022.0903

Trust: 0.6

db:AUSCERTid:ESB-2022.1071

Trust: 0.6

db:AUSCERTid:ESB-2022.0870

Trust: 0.6

db:AUSCERTid:ESB-2023.0019

Trust: 0.6

db:AUSCERTid:ESB-2022.0921

Trust: 0.6

db:AUSCERTid:ESB-2022.1056

Trust: 0.6

db:AUSCERTid:ESB-2022.2412

Trust: 0.6

db:CS-HELPid:SB2022072103

Trust: 0.6

db:CS-HELPid:SB2022060217

Trust: 0.6

db:CS-HELPid:SB2022051702

Trust: 0.6

db:CS-HELPid:SB2022031433

Trust: 0.6

db:CS-HELPid:SB2022062022

Trust: 0.6

db:CS-HELPid:SB2022022221

Trust: 0.6

db:CNNVDid:CNNVD-202112-2824

Trust: 0.6

db:PACKETSTORMid:165917

Trust: 0.2

db:PACKETSTORMid:166199

Trust: 0.1

db:PACKETSTORMid:165902

Trust: 0.1

db:CNVDid:CNVD-2022-09304

Trust: 0.1

db:VULHUBid:VHN-410614

Trust: 0.1

db:VULMONid:CVE-2021-4193

Trust: 0.1

db:PACKETSTORMid:166309

Trust: 0.1

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // PACKETSTORM: 166319 // PACKETSTORM: 166309 // PACKETSTORM: 165813 // PACKETSTORM: 165917 // PACKETSTORM: 166179 // PACKETSTORM: 167368 // CNNVD: CNNVD-202112-2824 // NVD: CVE-2021-4193

REFERENCES

url:https://support.apple.com/kb/ht213183

Trust: 1.8

url:https://support.apple.com/kb/ht213256

Trust: 1.8

url:https://support.apple.com/kb/ht213343

Trust: 1.8

url:https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/mar/29

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/jul/14

Trust: 1.8

url:https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2022/01/15/1

Trust: 1.8

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 0.8

url:https://packetstormsecurity.com/files/167368/ubuntu-security-notice-usn-5458-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1056

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1071

Trust: 0.6

url:https://packetstormsecurity.com/files/166179/red-hat-security-advisory-2022-0721-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-regexp-percent-v-37347

Trust: 0.6

url:https://support.apple.com/en-us/ht213183

Trust: 0.6

url:https://support.apple.com/en-us/ht213343

Trust: 0.6

url:https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3561

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3002

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031433

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2412

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072103

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051702

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0870

Trust: 0.6

url:https://packetstormsecurity.com/files/165930/red-hat-security-advisory-2022-0476-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060217

Trust: 0.6

url:https://packetstormsecurity.com/files/165813/red-hat-security-advisory-2022-0366-06.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213256

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0019

Trust: 0.6

url:https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062022

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0903

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0921

Trust: 0.6

url:https://packetstormsecurity.com/files/166204/red-hat-security-advisory-2022-0595-02.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3872

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-4019

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3984

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5458-1

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4122

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22616

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0156

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0158

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22600

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4166

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4187

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22582

Trust: 0.1

url:https://support.apple.com/ht213183.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0856

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25214

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0366

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21248

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21296

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21282

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21294

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21305

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23307

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4104

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4104

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21282

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21248

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21294

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21296

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23302

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23302

Trust: 0.1

url:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.ga/templates/${resource}

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0552

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0552

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0213

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0408

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0319

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // PACKETSTORM: 166319 // PACKETSTORM: 166309 // PACKETSTORM: 165813 // PACKETSTORM: 165917 // PACKETSTORM: 166179 // PACKETSTORM: 167368 // CNNVD: CNNVD-202112-2824 // NVD: CVE-2021-4193

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166309 // PACKETSTORM: 165813 // PACKETSTORM: 165917 // PACKETSTORM: 166179

SOURCES

db:VULHUBid:VHN-410614
db:VULMONid:CVE-2021-4193
db:PACKETSTORMid:166319
db:PACKETSTORMid:166309
db:PACKETSTORMid:165813
db:PACKETSTORMid:165917
db:PACKETSTORMid:166179
db:PACKETSTORMid:167368
db:CNNVDid:CNNVD-202112-2824
db:NVDid:CVE-2021-4193

LAST UPDATE DATE

2024-11-07T20:41:30.714000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-410614date:2022-11-09T00:00:00
db:VULMONid:CVE-2021-4193date:2022-07-22T00:00:00
db:CNNVDid:CNNVD-202112-2824date:2023-01-03T00:00:00
db:NVDid:CVE-2021-4193date:2023-11-07T03:40:20.307

SOURCES RELEASE DATE

db:VULHUBid:VHN-410614date:2021-12-31T00:00:00
db:VULMONid:CVE-2021-4193date:2021-12-31T00:00:00
db:PACKETSTORMid:166319date:2022-03-15T15:49:02
db:PACKETSTORMid:166309date:2022-03-15T15:44:21
db:PACKETSTORMid:165813date:2022-02-02T16:48:00
db:PACKETSTORMid:165917date:2022-02-09T16:10:33
db:PACKETSTORMid:166179date:2022-03-02T16:50:31
db:PACKETSTORMid:167368date:2022-06-02T17:08:47
db:CNNVDid:CNNVD-202112-2824date:2021-12-31T00:00:00
db:NVDid:CVE-2021-4193date:2021-12-31T16:15:07.747