Sign-up

ID

VAR-202112-2540


CVE

CVE-2021-4192


TITLE

vim  Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017216

DESCRIPTION

vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It exists that Vim incorrectly handled memory when opening and editing certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069). Solution: OSP 16.2.z Release - OSP Director Operator Containers 4. Bugs fixed (https://bugzilla.redhat.com/): 2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test 5. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 General Availability release images, which provide one or more container updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security updates: * object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Related bugs: * RHACM 2.2.11 images (Bugzilla #2029508) * ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859) 3. Bugs fixed (https://bugzilla.redhat.com/): 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 5. Summary: An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872) * vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * vim: use-after-free in win_linetabsize() (CVE-2021-4192) * vim: out-of-bound read in getvcol() (CVE-2021-4193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() in drawscreen.c 2028122 - CVE-2021-3984 vim: illegal memory access in find_start_brace() in cindent.c when C-indenting 2028212 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in help.c 2039685 - CVE-2021-4192 vim: use-after-free in win_linetabsize() 2039687 - CVE-2021-4193 vim: out-of-bound read in getvcol() 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: vim-X11-8.0.1763-16.el8_5.4.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm noarch: vim-filesystem-8.0.1763-16.el8_5.4.noarch.rpm ppc64le: vim-X11-8.0.1763-16.el8_5.4.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm s390x: vim-X11-8.0.1763-16.el8_5.4.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-common-8.0.1763-16.el8_5.4.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm x86_64: vim-X11-8.0.1763-16.el8_5.4.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: vim-8.0.1763-16.el8_5.4.src.rpm aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.4.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.4.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.aarch64.rpm ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.4.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.4.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.ppc64le.rpm s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.4.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-8.0.1763-16.el8_5.4.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.s390x.rpm x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.4.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.4.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3872 https://access.redhat.com/security/cve/CVE-2021-3984 https://access.redhat.com/security/cve/CVE-2021-4019 https://access.redhat.com/security/cve/CVE-2021-4192 https://access.redhat.com/security/cve/CVE-2021-4193 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. JIRA issues fixed (https://issues.jboss.org/): GITOPS-1758 - [Release] OpenShift GitOps v.1.3.3 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060 Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" References ========= [ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina Security Update 2022-005 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213343. APFS Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Calendar Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: macOS Catalina Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones CoreText Available for: macOS Catalina Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) FaceTime Available for: macOS Catalina Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing File System Events Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant ICU Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Catalina Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Kernel Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab libxml2 Available for: macOS Catalina Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Catalina Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Catalina Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Catalina Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Catalina Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Catalina Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant TCC Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Vim Available for: macOS Catalina Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 Wi-Fi Available for: macOS Catalina Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Security Update 2022-005 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32 qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1 PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA 6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J 96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj 8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK 8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao= =fcrb -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2021-4192 // JVNDB: JVNDB-2021-017216 // VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // PACKETSTORM: 166308 // PACKETSTORM: 166309 // PACKETSTORM: 165813 // PACKETSTORM: 165930 // PACKETSTORM: 168124 // PACKETSTORM: 167789

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:vimmodel:vimscope:ltversion:8.2.3949

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:vimmodel:vimscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017216 // NVD: CVE-2021-4192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-4192
value: HIGH

Trust: 1.0

security@huntr.dev: CVE-2021-4192
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-4192
value: HIGH

Trust: 0.8

VULHUB: VHN-410613
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-4192
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-4192
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-410613
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-4192
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2021-4192
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2021-4192
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // JVNDB: JVNDB-2021-017216 // NVD: CVE-2021-4192 // NVD: CVE-2021-4192

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-410613 // JVNDB: JVNDB-2021-017216 // NVD: CVE-2021-4192

TYPE

bypass

Trust: 0.1

sources: PACKETSTORM: 166309

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-410613

PATCH
title:HT213343url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Trust: 0.8
title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220366 - Security Advisory
Trust: 0.1
title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220476 - Security Advisory
Trust: 0.1
title:Red Hat: CVE-2021-4192url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-4192
Trust: 0.1
title:Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220721 - Security Advisory
Trust: 0.1
title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-4192
Trust: 0.1
title:Ubuntu Security Notice: USN-5433-1: Vim vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5433-1
Trust: 0.1
title:Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220595 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220445 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220444 - Security Advisory
Trust: 0.1
title:Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220735 - Security Advisory
Trust: 0.1
title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory
Trust: 0.1
title:Amazon Linux AMI: ALAS-2022-1557url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1557
Trust: 0.1
title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory
Trust: 0.1
title:Amazon Linux 2: ALAS2-2022-1743url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1743
Trust: 0.1
title:Amazon Linux 2022: ALAS2022-2022-014url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-014
Trust: 0.1
title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180
Trust: 0.1
title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-4192 // 
            
            
            
            JVNDB: JVNDB-2021-017216

EXTERNAL IDS
db:NVDid:CVE-2021-4192
Trust: 3.4
db:OPENWALLid:OSS-SECURITY/2022/01/15/1
Trust: 1.2
db:JVNDBid:JVNDB-2021-017216
Trust: 0.8
db:PACKETSTORMid:165813
Trust: 0.2
db:PACKETSTORMid:165930
Trust: 0.2
db:PACKETSTORMid:167789
Trust: 0.2
db:PACKETSTORMid:166199
Trust: 0.1
db:PACKETSTORMid:166179
Trust: 0.1
db:PACKETSTORMid:165902
Trust: 0.1
db:PACKETSTORMid:167188
Trust: 0.1
db:PACKETSTORMid:167242
Trust: 0.1
db:PACKETSTORMid:165917
Trust: 0.1
db:PACKETSTORMid:166204
Trust: 0.1
db:PACKETSTORMid:166319
Trust: 0.1
db:VULHUBid:VHN-410613
Trust: 0.1
db:VULMONid:CVE-2021-4192
Trust: 0.1
db:PACKETSTORMid:166308
Trust: 0.1
db:PACKETSTORMid:166309
Trust: 0.1
db:PACKETSTORMid:168124
Trust: 0.1
sources:
            
            
            VULHUB: VHN-410613 // 
            
            
            
            VULMON: CVE-2021-4192 // 
            
            
            
            JVNDB: JVNDB-2021-017216 // 
            
            
            
            PACKETSTORM: 166308 // 
            
            
            
            PACKETSTORM: 166309 // 
            
            
            
            PACKETSTORM: 165813 // 
            
            
            
            PACKETSTORM: 165930 // 
            
            
            
            PACKETSTORM: 168124 // 
            
            
            
            PACKETSTORM: 167789 // 
            
            
            
            NVD: CVE-2021-4192

REFERENCES
url:https://support.apple.com/kb/ht213183
Trust: 1.2
url:https://support.apple.com/kb/ht213256
Trust: 1.2
url:https://support.apple.com/kb/ht213343
Trust: 1.2
url:https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
Trust: 1.2
url:http://seclists.org/fulldisclosure/2022/mar/29
Trust: 1.2
url:http://seclists.org/fulldisclosure/2022/may/35
Trust: 1.2
url:http://seclists.org/fulldisclosure/2022/jul/14
Trust: 1.2
url:https://security.gentoo.org/glsa/202208-32
Trust: 1.2
url:https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952
Trust: 1.2
url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Trust: 1.2
url:http://www.openwall.com/lists/oss-security/2022/01/15/1
Trust: 1.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-4192
Trust: 1.2
url:https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/
Trust: 1.0
url:https://access.redhat.com/security/cve/cve-2021-3984
Trust: 0.4
url:https://access.redhat.com/security/cve/cve-2021-4193
Trust: 0.4
url:https://access.redhat.com/security/cve/cve-2021-3872
Trust: 0.4
url:https://listman.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.4
url:https://access.redhat.com/security/team/contact/
Trust: 0.4
url:https://access.redhat.com/security/cve/cve-2021-4019
Trust: 0.4
url:https://access.redhat.com/security/cve/cve-2021-4192
Trust: 0.4
url:https://bugzilla.redhat.com/):
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2021-4193
Trust: 0.4
url:https://access.redhat.com/security/cve/cve-2021-4122
Trust: 0.3
url:https://access.redhat.com/security/cve/cve-2021-3712
Trust: 0.3
url:https://access.redhat.com/security/cve/cve-2021-3521
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2021-3872
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2021-4019
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2021-3984
Trust: 0.3
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/
Trust: 0.2
url:https://access.redhat.com/errata/rhsa-2022:0366
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-17595
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-19603
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3445
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-13435
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-19603
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-3521
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-42574
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-35942
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-14155
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-16135
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3200
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-20231
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-22925
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-17594
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-20232
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-28153
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-5827
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-24370
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3572
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-27645
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-12762
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-36086
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-13750
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-18218
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-13750
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-20232
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2022-24407
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-13751
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3426
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-20838
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-22898
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-18218
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-22876
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3580
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-27645
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-33574
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-20231
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-13435
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-12762
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-14155
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-5827
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-16135
Trust: 0.2
url:https://access.redhat.com/security/updates/classification/#important
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-28153
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-36084
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-24370
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-17595
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-17594
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-3800
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-20838
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-36087
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-22925
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-22898
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-36085
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2019-13751
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-22876
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2021-33560
Trust: 0.2
url:https://access.redhat.com/security/updates/classification/#moderate
Trust: 0.2
url:https://access.redhat.com/articles/11258
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2022-0128
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-4166
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-46059
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-4187
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-4173
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2021-4136
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/416.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://ubuntu.com/security/notices/usn-5433-1
Trust: 0.1
url:https://security.archlinux.org/cve-2021-4192
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-33560
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-44716
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3572
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2022:0842
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3426
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3200
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3445
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-33574
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-0465
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-23434
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2022-0185
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2022-22942
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-0466
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-3564
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-25710
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-0920
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-25710
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-40346
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-0466
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-23434
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-4155
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2022-0330
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2022:0856
Trust: 0.1
url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-25214
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-25709
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-0465
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-3752
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2020-25709
Trust: 0.1
url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2022-0155
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-3573
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-25214
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-0920
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2021-39241
Trust: 0.1
url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Trust: 0.1
url:https://access.redhat.com/security/team/key/
Trust: 0.1
url:https://issues.jboss.org/):
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-24348
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2022:0476
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2022-24348
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-4122
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3712
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0361
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2129
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0261
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0413
Trust: 0.1
url:https://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0943
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1927
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3796
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2175
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0408
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2286
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2126
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1886
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1771
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1851
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2000
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2287
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0158
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1674
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0417
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1968
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1621
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0407
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0318
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2284
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2288
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0392
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2345
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2257
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1154
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0368
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0554
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0443
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2124
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2343
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1381
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1735
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0714
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2125
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3778
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1733
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2207
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0629
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1629
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0393
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2183
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0156
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-4069
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1616
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2264
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3927
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1619
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0685
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2304
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1620
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0319
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1898
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3974
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2344
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0351
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3928
Trust: 0.1
url:https://security.gentoo.org/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3968
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1785
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0213
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1796
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0729
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2206
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1720
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3770
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1769
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1897
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2289
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-0359
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3973
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1420
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2042
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2182
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1160
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2021-3875
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2231
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2285
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2208
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-1942
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-2210
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32786
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32781
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32797
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32785
Trust: 0.1
url:https://support.apple.com/ht213343.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-26704
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-32787
Trust: 0.1
url:https://support.apple.com/en-us/ht201222.
Trust: 0.1
sources:
            
            
            VULHUB: VHN-410613 // 
            
            
            
            VULMON: CVE-2021-4192 // 
            
            
            
            JVNDB: JVNDB-2021-017216 // 
            
            
            
            PACKETSTORM: 166308 // 
            
            
            
            PACKETSTORM: 166309 // 
            
            
            
            PACKETSTORM: 165813 // 
            
            
            
            PACKETSTORM: 165930 // 
            
            
            
            PACKETSTORM: 168124 // 
            
            
            
            PACKETSTORM: 167789 // 
            
            
            
            NVD: CVE-2021-4192

CREDITS
Red Hat
Trust: 0.4
sources:
            
            
            PACKETSTORM: 166308 // 
            
            
            
            PACKETSTORM: 166309 // 
            
            
            
            PACKETSTORM: 165813 // 
            
            
            
            PACKETSTORM: 165930

SOURCES
db:VULHUBid:VHN-410613
db:VULMONid:CVE-2021-4192
db:JVNDBid:JVNDB-2021-017216
db:PACKETSTORMid:166308
db:PACKETSTORMid:166309
db:PACKETSTORMid:165813
db:PACKETSTORMid:165930
db:PACKETSTORMid:168124
db:PACKETSTORMid:167789
db:NVDid:CVE-2021-4192

LAST UPDATE DATE
2024-09-17T22:35:15.606000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-410613date:2022-11-09T00:00:00
db:VULMONid:CVE-2021-4192date:2022-07-22T00:00:00
db:JVNDBid:JVNDB-2021-017216date:2023-01-10T06:15:00
db:NVDid:CVE-2021-4192date:2023-11-07T03:40:20.043

SOURCES RELEASE DATE
db:VULHUBid:VHN-410613date:2021-12-31T00:00:00
db:VULMONid:CVE-2021-4192date:2021-12-31T00:00:00
db:JVNDBid:JVNDB-2021-017216date:2023-01-10T00:00:00
db:PACKETSTORMid:166308date:2022-03-15T15:41:45
db:PACKETSTORMid:166309date:2022-03-15T15:44:21
db:PACKETSTORMid:165813date:2022-02-02T16:48:00
db:PACKETSTORMid:165930date:2022-02-09T16:20:47
db:PACKETSTORMid:168124date:2022-08-22T16:01:59
db:PACKETSTORMid:167789date:2022-07-22T16:23:52
db:NVDid:CVE-2021-4192date:2021-12-31T15:15:08.560