Details of VAR-202201-0104

ID

VAR-202201-0104

CVE

CVE-2021-45960

TITLE

Expat Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202201-037

DESCRIPTION

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). No detailed vulnerability details were provided at this time. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025) * argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730) * argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852) * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) * expat: integer overflow in the doProlog function (CVE-2022-23990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 6. Package List: Red Hat JBoss Core Services on RHEL 7 Server: Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm Red Hat JBoss Core Services on RHEL 8: Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents

Trust: 1.62

sources: NVD: CVE-2021-45960 // VULHUB: VHN-410670 // VULMON: CVE-2021-45960 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // PACKETSTORM: 166348

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	8.15.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.3	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	10.1.1	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	h610s	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	h615c	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci baseboard management controller	scope:	eq	version:	h610c	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2021-45960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-45960
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202201-037
value:	HIGH
Trust: 0.6
VULHUB:	VHN-410670
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-45960
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-45960
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-410670
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-45960
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-410670 // VULMON: CVE-2021-45960 // CNNVD: CNNVD-202201-037 // NVD: CVE-2021-45960

PROBLEMTYPE DATA

problemtype:

CWE-682

Trust: 1.1

sources: VULHUB: VHN-410670 // NVD: CVE-2021-45960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-037

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202201-037

PATCH

title:	Expat Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=177177	Trust: 0.6
title:	Debian CVElist Bug Report Logs: expat: CVE-2021-45960: A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=23cccfe2296ab082c7121ac5a8440638	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1588	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1588	Trust: 0.1
title:	Red Hat: CVE-2021-45960	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-45960	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1788	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1788	Trust: 0.1
title:	Red Hat: Important: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5073-1 expat -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-017	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-017	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2021-45960 // CNNVD: CNNVD-202201-037

EXTERNAL IDS

db:	NVD	id:	CVE-2021-45960	Trust: 2.4
db:	OPENWALL	id:	OSS-SECURITY/2022/01/17/3	Trust: 1.7
db:	SIEMENS	id:	SSA-484086	Trust: 1.7
db:	TENABLE	id:	TNS-2022-05	Trust: 1.7
db:	PACKETSTORM	id:	166348	Trust: 0.8
db:	PACKETSTORM	id:	169541	Trust: 0.8
db:	PACKETSTORM	id:	167008	Trust: 0.7
db:	PACKETSTORM	id:	166496	Trust: 0.7
db:	PACKETSTORM	id:	166976	Trust: 0.7
db:	PACKETSTORM	id:	166437	Trust: 0.7
db:	PACKETSTORM	id:	168578	Trust: 0.7
db:	PACKETSTORM	id:	166516	Trust: 0.7
db:	PACKETSTORM	id:	166812	Trust: 0.7
db:	CS-HELP	id:	SB2022072065	Trust: 0.6
db:	CS-HELP	id:	SB2022072710	Trust: 0.6
db:	CS-HELP	id:	SB2022060617	Trust: 0.6
db:	CS-HELP	id:	SB2022032843	Trust: 0.6
db:	CS-HELP	id:	SB2022072608	Trust: 0.6
db:	CS-HELP	id:	SB2022061216	Trust: 0.6
db:	CS-HELP	id:	SB2022041954	Trust: 0.6
db:	CS-HELP	id:	SB2022032013	Trust: 0.6
db:	CS-HELP	id:	SB2022011713	Trust: 0.6
db:	CS-HELP	id:	SB2022031627	Trust: 0.6
db:	CS-HELP	id:	SB2022022416	Trust: 0.6
db:	CS-HELP	id:	SB2022070605	Trust: 0.6
db:	CS-HELP	id:	SB2022020902	Trust: 0.6
db:	CS-HELP	id:	SB2022021418	Trust: 0.6
db:	CS-HELP	id:	SB2022033002	Trust: 0.6
db:	CS-HELP	id:	SB2022032445	Trust: 0.6
db:	CS-HELP	id:	SB2022042116	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.6
db:	PACKETSTORM	id:	166088	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0626	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1154	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1677	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1263	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3299	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5666	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0369	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2165	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0749	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-037	Trust: 0.6
db:	PACKETSTORM	id:	166433	Trust: 0.2
db:	PACKETSTORM	id:	166431	Trust: 0.2
db:	PACKETSTORM	id:	169540	Trust: 0.2
db:	CNVD	id:	CNVD-2022-05481	Trust: 0.1
db:	VULHUB	id:	VHN-410670	Trust: 0.1
db:	VULMON	id:	CVE-2021-45960	Trust: 0.1

sources: VULHUB: VHN-410670 // VULMON: CVE-2021-45960 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // PACKETSTORM: 166348 // CNNVD: CNNVD-202201-037 // NVD: CVE-2021-45960

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20220121-0004/	Trust: 1.7
url:	https://www.tenable.com/security/tns-2022-05	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5073	Trust: 1.7
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1217609	Trust: 1.7
url:	https://github.com/libexpat/libexpat/issues/531	Trust: 1.7
url:	https://github.com/libexpat/libexpat/pull/534	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2022/01/17/3	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 1.2
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072710	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031627	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1154	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022416	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041954	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022061216	Trust: 0.6
url:	https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020902	Trust: 0.6
url:	https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021418	Trust: 0.6
url:	https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032843	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070605	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072608	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5666	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032445	Trust: 0.6
url:	https://vigilance.fr/vulnerability/expat-memory-corruption-via-storeatts-37269	Trust: 0.6
url:	https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072065	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1263	Trust: 0.6
url:	https://packetstormsecurity.com/files/166088/ubuntu-security-notice-usn-5288-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060617	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042116	Trust: 0.6
url:	https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032013	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022033002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011713	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2165	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0626	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3299	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0369	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1677	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-0261	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-23219	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-23218	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0361	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0261	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0318	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3999	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0413	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0392	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0361	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23177	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0359	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0318	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0392	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0413	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0359	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3999	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31566	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1025	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23219	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24731	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24730	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0811	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0811	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-24730	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1025	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36160	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23990	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25314	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-44224	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-39275	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25710	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25709	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25709	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24731	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0235	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0920	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22942	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-27191	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0847	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0155	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-0920	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0155	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0435	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0435	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0492	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4154	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1476	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0144	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0235	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24450	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43565	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43565	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0536	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0847	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0144	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0492	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7144	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7143	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0951	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.1

sources: VULHUB: VHN-410670 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // PACKETSTORM: 166348 // CNNVD: CNNVD-202201-037 // NVD: CVE-2021-45960

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // PACKETSTORM: 166348

SOURCES

db:	VULHUB	id:	VHN-410670
db:	VULMON	id:	CVE-2021-45960
db:	PACKETSTORM	id:	166431
db:	PACKETSTORM	id:	166433
db:	PACKETSTORM	id:	166812
db:	PACKETSTORM	id:	169540
db:	PACKETSTORM	id:	169541
db:	PACKETSTORM	id:	166348
db:	CNNVD	id:	CNNVD-202201-037
db:	NVD	id:	CVE-2021-45960

LAST UPDATE DATE

2024-12-20T20:54:17.994000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-410670	date:	2022-10-06T00:00:00
db:	VULMON	id:	CVE-2021-45960	date:	2022-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202201-037	date:	2022-11-09T00:00:00
db:	NVD	id:	CVE-2021-45960	date:	2024-11-21T06:33:22.270

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-410670	date:	2022-01-01T00:00:00
db:	VULMON	id:	CVE-2021-45960	date:	2022-01-01T00:00:00
db:	PACKETSTORM	id:	166431	date:	2022-03-24T14:34:35
db:	PACKETSTORM	id:	166433	date:	2022-03-24T14:36:50
db:	PACKETSTORM	id:	166812	date:	2022-04-21T15:12:25
db:	PACKETSTORM	id:	169540	date:	2022-10-27T13:05:19
db:	PACKETSTORM	id:	169541	date:	2022-10-27T13:05:26
db:	PACKETSTORM	id:	166348	date:	2022-03-17T15:51:32
db:	CNNVD	id:	CNNVD-202201-037	date:	2022-01-01T00:00:00
db:	NVD	id:	CVE-2021-45960	date:	2022-01-01T19:15:08.030