ID

VAR-202112-2539


CVE

CVE-2021-4193


TITLE

vim  Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017215

DESCRIPTION

vim is vulnerable to Out-of-bounds Read. SourceCoster Online Covid Vaccination Scheduler System is an application system of SourceCoster company. Effectively manage COVID-19 vaccinations with reliable vaccine planning and cohort management solutions. There is a cross-site scripting vulnerability in Sourcecodester Online Covid vaccine Scheduler Systemv1. The vulnerability stems from the lack of escaping or filtering of user data in the lid parameter of the software. Attackers can use this vulnerability to execute arbitrary code through the lid parameter of /scheduler/addSchedule.php . An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319). Solution: OSP 16.2.z Release - OSP Director Operator Containers 4. Bugs fixed (https://bugzilla.redhat.com/): 2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:0366-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0366 Issue date: 2022-02-01 CVE Names: CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4192 CVE-2021-4193 ===================================================================== 1. Summary: An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872) * vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * vim: use-after-free in win_linetabsize() (CVE-2021-4192) * vim: out-of-bound read in getvcol() (CVE-2021-4193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() in drawscreen.c 2028122 - CVE-2021-3984 vim: illegal memory access in find_start_brace() in cindent.c when C-indenting 2028212 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in help.c 2039685 - CVE-2021-4192 vim: use-after-free in win_linetabsize() 2039687 - CVE-2021-4193 vim: out-of-bound read in getvcol() 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: vim-X11-8.0.1763-16.el8_5.4.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm noarch: vim-filesystem-8.0.1763-16.el8_5.4.noarch.rpm ppc64le: vim-X11-8.0.1763-16.el8_5.4.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm s390x: vim-X11-8.0.1763-16.el8_5.4.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-common-8.0.1763-16.el8_5.4.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm x86_64: vim-X11-8.0.1763-16.el8_5.4.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: vim-8.0.1763-16.el8_5.4.src.rpm aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * Nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Bug fixes: * Inform ACM policy is not checking properly the node fields (BZ# 2015588) * ImagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image (BZ# 2021128) * Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576) * RHACM 2.3.6 images (BZ# 2029507) * Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002) * Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351) * Clustersets do not appear in UI (BZ# 2049810) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2015588 - Inform ACM policy is not checking properly the node fields 2021128 - imagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image 2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2029507 - RHACM 2.3.6 images 2030002 - Console UI enabled SNO UI Options not displayed during cluster creating 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2037351 - grc pod restarts for each new GET request to the Governance Policy Page 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2049810 - Clustersets do not appear in UI 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060 Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" References ========= [ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2021-4193 // JVNDB: JVNDB-2021-017215 // VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // PACKETSTORM: 166308 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 167188 // PACKETSTORM: 168124

AFFECTED PRODUCTS

vendor:vimmodel:vimscope:ltversion:8.2.3950

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:vimmodel:vimscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017215 // NVD: CVE-2021-4193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-4193
value: MEDIUM

Trust: 1.0

security@huntr.dev: CVE-2021-4193
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-4193
value: MEDIUM

Trust: 0.8

VULHUB: VHN-410614
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-4193
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-4193
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-410614
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security@huntr.dev: CVE-2021-4193
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-4193
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // JVNDB: JVNDB-2021-017215 // NVD: CVE-2021-4193 // NVD: CVE-2021-4193

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-410614 // JVNDB: JVNDB-2021-017215 // NVD: CVE-2021-4193

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 165813

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-410614

PATCH

title:HT213343url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Trust: 0.8

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220476 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220366 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-4193url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-4193

Trust: 0.1

title:Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220721 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5458-1: Vim vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5458-1

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220595 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220445 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220444 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220735 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1557url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1557

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1743url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1743

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-014url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-014

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2021-4193 // JVNDB: JVNDB-2021-017215

EXTERNAL IDS

db:NVDid:CVE-2021-4193

Trust: 3.4

db:OPENWALLid:OSS-SECURITY/2022/01/15/1

Trust: 1.2

db:JVNDBid:JVNDB-2021-017215

Trust: 0.8

db:PACKETSTORMid:165813

Trust: 0.2

db:PACKETSTORMid:166179

Trust: 0.2

db:PACKETSTORMid:167188

Trust: 0.2

db:PACKETSTORMid:166204

Trust: 0.2

db:PACKETSTORMid:166199

Trust: 0.1

db:PACKETSTORMid:165930

Trust: 0.1

db:PACKETSTORMid:165902

Trust: 0.1

db:PACKETSTORMid:165917

Trust: 0.1

db:PACKETSTORMid:167368

Trust: 0.1

db:PACKETSTORMid:167789

Trust: 0.1

db:PACKETSTORMid:166319

Trust: 0.1

db:CNVDid:CNVD-2022-09304

Trust: 0.1

db:VULHUBid:VHN-410614

Trust: 0.1

db:VULMONid:CVE-2021-4193

Trust: 0.1

db:PACKETSTORMid:166308

Trust: 0.1

db:PACKETSTORMid:168124

Trust: 0.1

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // JVNDB: JVNDB-2021-017215 // PACKETSTORM: 166308 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 167188 // PACKETSTORM: 168124 // NVD: CVE-2021-4193

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 1.3

url:https://support.apple.com/kb/ht213183

Trust: 1.2

url:https://support.apple.com/kb/ht213256

Trust: 1.2

url:https://support.apple.com/kb/ht213343

Trust: 1.2

url:https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0

Trust: 1.2

url:http://seclists.org/fulldisclosure/2022/mar/29

Trust: 1.2

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.2

url:http://seclists.org/fulldisclosure/2022/jul/14

Trust: 1.2

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.2

url:https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Trust: 1.2

url:http://www.openwall.com/lists/oss-security/2022/01/15/1

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 1.0

url:https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3872

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-4019

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3984

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3521

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.3

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4122

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46059

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0128

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4187

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4173

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4136

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4166

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0476

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5458-1

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0366

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0595

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36322

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0552

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0552

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28491

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22674

Trust: 0.1

url:https://support.apple.com/ht213256.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0530

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26706

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26712

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0408

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0158

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0417

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2257

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0554

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2124

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1381

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0393

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0156

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4069

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0319

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2344

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3928

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0213

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3770

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2285

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2208

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2210

Trust: 0.1

sources: VULHUB: VHN-410614 // VULMON: CVE-2021-4193 // JVNDB: JVNDB-2021-017215 // PACKETSTORM: 166308 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 167188 // PACKETSTORM: 168124 // NVD: CVE-2021-4193

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 166308 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179

SOURCES

db:VULHUBid:VHN-410614
db:VULMONid:CVE-2021-4193
db:JVNDBid:JVNDB-2021-017215
db:PACKETSTORMid:166308
db:PACKETSTORMid:165813
db:PACKETSTORMid:166204
db:PACKETSTORMid:166179
db:PACKETSTORMid:167188
db:PACKETSTORMid:168124
db:NVDid:CVE-2021-4193

LAST UPDATE DATE

2024-11-20T20:34:41.173000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-410614date:2022-11-09T00:00:00
db:VULMONid:CVE-2021-4193date:2022-07-22T00:00:00
db:JVNDBid:JVNDB-2021-017215date:2023-01-10T06:08:00
db:NVDid:CVE-2021-4193date:2023-11-07T03:40:20.307

SOURCES RELEASE DATE

db:VULHUBid:VHN-410614date:2021-12-31T00:00:00
db:VULMONid:CVE-2021-4193date:2021-12-31T00:00:00
db:JVNDBid:JVNDB-2021-017215date:2023-01-10T00:00:00
db:PACKETSTORMid:166308date:2022-03-15T15:41:45
db:PACKETSTORMid:165813date:2022-02-02T16:48:00
db:PACKETSTORMid:166204date:2022-03-04T16:17:56
db:PACKETSTORMid:166179date:2022-03-02T16:50:31
db:PACKETSTORMid:167188date:2022-05-17T16:59:42
db:PACKETSTORMid:168124date:2022-08-22T16:01:59
db:NVDid:CVE-2021-4193date:2021-12-31T16:15:07.747