Action not permitted
Modal body text goes here.
CVE-2021-3450
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "name": "GLSA-202103-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202103-03" }, { "name": "FEDORA-2021-cbf14ab8f9", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-09" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-05" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2021-08" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)" } ] } ], "credits": [ { "lang": "en", "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai" } ], "datePublic": "2021-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Invalid Certificate Verification", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:35:11", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "name": "GLSA-202103-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202103-03" }, { "name": "FEDORA-2021-cbf14ab8f9", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-09" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-05" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2021-08" }, { "tags": [ "x_refsource_MISC" ], "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CA certificate check bypass with X509_V_FLAG_X509_STRICT", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2021-03-25", "ID": "CVE-2021-3450", "STATE": "PUBLIC", "TITLE": "CA certificate check bypass with X509_V_FLAG_X509_STRICT" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_value": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credit": [ { "lang": "eng", "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)." } ] }, "impact": [ { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Invalid Certificate Verification" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openssl.org/news/secadv/20210325.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "name": "https://www.openssl.org/news/secadv/20210325.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "name": "GLSA-202103-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202103-03" }, { "name": "FEDORA-2021-cbf14ab8f9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.tenable.com/security/tns-2021-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-09" }, { "name": "https://security.netapp.com/advisory/ntap-20210326-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "name": "https://www.tenable.com/security/tns-2021-05", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-05" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "name": "https://www.tenable.com/security/tns-2021-08", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-08" }, { "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html", "refsource": "MISC", "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2021-3450", "datePublished": "2021-03-25T14:25:14.287899Z", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2024-09-17T03:07:10.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3450\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2021-03-25T15:15:13.560\",\"lastModified\":\"2023-11-07T03:38:00.923\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \\\"purpose\\\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \\\"purpose\\\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).\"},{\"lang\":\"es\",\"value\":\"El flag X509_V_FLAG_X509_STRICT permite llevar a cabo comprobaciones de seguridad adicionales de los certificados presentes en una cadena de certificados. No est\u00e1 establecido por defecto. A partir de la versi\u00f3n 1.1.1h de OpenSSL, se a\u00f1adi\u00f3 como comprobaci\u00f3n estricta adicional la de no permitir certificados en la cadena que tengan par\u00e1metros de curva el\u00edptica codificados expl\u00edcitamente. Un error en la implementaci\u00f3n de esta comprobaci\u00f3n significaba que el resultado de una comprobaci\u00f3n previa para confirmar que los certificados de la cadena son certificados de CA v\u00e1lidos fueron sobrescritos. De este modo, se omite la comprobaci\u00f3n de que los certificados que no son de CA no deben poder emitir otros certificados. Si se ha configurado un \\\"purpose\\\", se presenta la posibilidad de comprobar posteriormente que el certificado es una CA v\u00e1lida. Todos los valores de \\\"purpose\\\" implementados en libcrypto llevan a cabo esta comprobaci\u00f3n. Por lo tanto, cuando se establece un prop\u00f3sito, la cadena de certificados seguir\u00e1 siendo rechazada inclusive cuando se haya usado el flag strict. Se establece un prop\u00f3sito por defecto en las rutinas de verificaci\u00f3n de certificados de cliente servidor de libssl, pero puede ser anulado o eliminado por una aplicaci\u00f3n. Para que se vea afectada, una aplicaci\u00f3n debe establecer expl\u00edcitamente el flag de verificaci\u00f3n X509_V_FLAG_X509_STRICT y no establecer un prop\u00f3sito para la verificaci\u00f3n de certificados o, en el caso de las aplicaciones de cliente o servidor TLS, anular el prop\u00f3sito por defecto. Este problema afecta a las versiones 1.1.1h y posteriores de OpenSSL. Los usuarios de estas versiones deben actualizar a OpenSSL versi\u00f3n 1.1.1k. OpenSSL versi\u00f3n 1.0.2 no est\u00e1 afectado por este problema. Corregido en OpenSSL versi\u00f3n 1.1.1k (Afectadas versiones 1.1.1h-1.1.1j)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.1h\",\"versionEndExcluding\":\"1.1.1k\",\"matchCriteriaId\":\"34F17CB9-A706-45F7-ADCB-F095B0581798\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A178A3-6A52-4981-9A27-FB07AD8AF778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A487B1-E5CE-4C76-87E8-518D24C5D86D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"255C64D2-51AF-425B-8A01-91DB4D126812\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1E143B-C678-4F62-B51C-CF2A22E11B12\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA225A10-CED4-484F-ADDB-932FAAECAF5D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"151055B2-9F63-420B-97F4-A434BFBC9A06\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*\",\"matchCriteriaId\":\"1662CB7A-B0E8-4D57-AEE4-2115F682D2BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"7B99877A-BCA1-49D0-99E6-F95409821B5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"6F7913BB-308B-47B0-80FC-F820784843EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"67613657-08D6-4CBF-AAF4-9355054D24C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280AA828-6FA9-4260-8EC1-019423B966E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.13.1\",\"matchCriteriaId\":\"0AC12300-9051-4C70-9941-9FE5E64B4B30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.1\",\"versionEndIncluding\":\"8.2.3\",\"matchCriteriaId\":\"DB8B7710-2558-4153-B018-55943E10CBE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"657682A0-54D5-4DC6-A98E-8BAF685926C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8661D361-71B5-4C41-A818-C89EC551D900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253603DC-2D92-442A-B3A8-A63E14D8A070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E112CFF-31F9-4D87-9A1B-AE0FCF69615E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3622F5-5976-4BBC-A147-FC8A6431EA79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61516569-C48F-4362-B334-8CA10EDB0EC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"058C7C4B-D692-49DE-924A-C2725A8162D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"0F0434A5-F2A1-4973-917C-A95F2ABE97D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"96DD93E0-274E-4C36-99F3-EEF085E57655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.6.0\",\"matchCriteriaId\":\"86305E47-33E9-411C-B932-08C395C09982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1CAD50-749F-4ADB-A046-BF3585677A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.23\",\"matchCriteriaId\":\"A8782A14-89B0-45EE-A5CB-FF715F5BA379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.23\",\"matchCriteriaId\":\"F48F2267-61EA-4F12-ADE9-85CB6F6B290E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.7.33\",\"matchCriteriaId\":\"5C40ECC8-933B-47A4-8082-FCF0EF9C973E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.15\",\"versionEndIncluding\":\"8.0.23\",\"matchCriteriaId\":\"32714AD7-BCD1-4624-9923-5E6D927CF3CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.23\",\"matchCriteriaId\":\"CB1A94E1-A6C6-488D-A74C-6C0B24637272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.57\",\"versionEndIncluding\":\"8.59\",\"matchCriteriaId\":\"73DC7DDB-3405-4734-9A8E-7E1D4646CDEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1.0.1.0\",\"matchCriteriaId\":\"C01E8B82-71C7-4A4A-A70A-7B147524AB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA7F1FD-9FAB-4654-98B0-4588EEC8B69A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868B2C4B-CE6B-41DA-A373-7D4FA51EFE9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"550F47A2-3393-481E-BC40-CE606BFA8776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43392D27-6C07-41C7-A17F-10C433338CE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FBF6C4C-195F-49A7-861D-52677D9BE58D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90732D53-E802-4E1B-B6C8-B1FDCE7905A4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.1.0-17sv\",\"matchCriteriaId\":\"B1F6C5D7-AEC1-4792-BBA7-A83542430E1A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4A2B7B-40F5-4AE0-ACC7-E94B82435DBA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.24\",\"matchCriteriaId\":\"1F7545BE-AB25-4BB7-8091-8D03BBD910A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.11\",\"matchCriteriaId\":\"F0B75C3A-7E3A-434A-A045-44A071CB193B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.0.1-r1456\",\"matchCriteriaId\":\"50478447-8102-4BC4-9E96-3165B20B8BE8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.24.1\",\"matchCriteriaId\":\"5C547B5B-8C6D-49AF-90D4-2F6E2F7E512B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.22.1\",\"matchCriteriaId\":\"3469E4CF-1739-4BE4-B513-4DC771CD2805\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.16.1\",\"matchCriteriaId\":\"1D2CA9D6-98EE-44B7-9C9D-5A6B55BCA025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndExcluding\":\"15.14.0\",\"matchCriteriaId\":\"3ED4D313-F372-4CC1-BE11-6BBA2F0E90E3\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/27/1\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/27/2\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/28/3\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/03/28/4\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202103-03\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210326-0006/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20210325.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-05\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-08\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-09\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
gsd-2021-3450
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-3450", "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "id": "GSD-2021-3450", "references": [ "https://www.suse.com/security/cve/CVE-2021-3450.html", "https://access.redhat.com/errata/RHSA-2021:1203", "https://access.redhat.com/errata/RHSA-2021:1202", "https://access.redhat.com/errata/RHSA-2021:1200", "https://access.redhat.com/errata/RHSA-2021:1199", "https://access.redhat.com/errata/RHSA-2021:1196", "https://access.redhat.com/errata/RHSA-2021:1195", "https://access.redhat.com/errata/RHSA-2021:1189", "https://access.redhat.com/errata/RHSA-2021:1024", "https://advisories.mageia.org/CVE-2021-3450.html", "https://security.archlinux.org/CVE-2021-3450", "https://linux.oracle.com/cve/CVE-2021-3450.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-3450" ], "details": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "id": "GSD-2021-3450", "modified": "2023-12-13T01:23:34.717567Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2021-03-25", "ID": "CVE-2021-3450", "STATE": "PUBLIC", "TITLE": "CA certificate check bypass with X509_V_FLAG_X509_STRICT" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_value": "Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credit": [ { "lang": "eng", "value": "Benjamin Kaduk (Akamai), Xiang Ding (Akamai), others at Akamai" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)." } ] }, "impact": [ { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#High", "value": "High" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Invalid Certificate Verification" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openssl.org/news/secadv/20210325.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "name": "https://www.openssl.org/news/secadv/20210325.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "name": "GLSA-202103-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202103-03" }, { "name": "FEDORA-2021-cbf14ab8f9", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.tenable.com/security/tns-2021-09", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-09" }, { "name": "https://security.netapp.com/advisory/ntap-20210326-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "name": "https://www.tenable.com/security/tns-2021-05", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-05" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "name": "https://www.tenable.com/security/tns-2021-08", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-08" }, { "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html", "refsource": "MISC", "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=1.1.1h \u003c1.1.1k", "affected_versions": "All versions starting from 1.1.1h before 1.1.1k", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-295", "CWE-937" ], "date": "2023-08-04", "description": "The `X509_V_FLAG_X509_STRICT` flag enables additional security checks of the certificates present in a certificate chain. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a `purpose` has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named `purpose` values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A `purpose` is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the `X509_V_FLAG_X509_STRICT` verification flag and either not set a `purpose` for the certificate verification or, in the case of TLS client or server applications, override the default `purpose`.", "fixed_versions": [ "1.1.1q" ], "identifier": "CVE-2021-3450", "identifiers": [ "CVE-2021-3450" ], "not_impacted": "All versions before 1.1.1h, all versions starting from 1.1.1k", "package_slug": "conan/openssl", "pubdate": "2021-03-25", "solution": "Upgrade to version 1.1.1q or above.", "title": "Improper Certificate Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b", "https://www.openssl.org/news/secadv/20210325.txt" ], "uuid": "825f6fc7-d399-49bb-a3aa-9308f2bdb7c1" }, { "affected_range": "(,8.0.23]", "affected_versions": "All versions up to 8.0.23", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-295", "CWE-937" ], "date": "2023-08-04", "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "fixed_versions": [], "identifier": "CVE-2021-3450", "identifiers": [ "CVE-2021-3450" ], "not_impacted": "", "package_slug": "maven/mysql-connector-java", "pubdate": "2021-03-25", "solution": "Unfortunately, there is no solution available yet.", "title": "Improper Certificate Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" ], "uuid": "bf44e8db-3946-4325-bd98-4568d9e2b3fd" }, { "affected_range": "\u003c=8.0.23", "affected_versions": "All versions up to 8.0.23", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-295", "CWE-937" ], "date": "2023-08-04", "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "fixed_versions": [ "8.0.24" ], "identifier": "CVE-2021-3450", "identifiers": [ "CVE-2021-3450" ], "not_impacted": "All versions after 8.0.23", "package_slug": "pypi/mysql-connector-python", "pubdate": "2021-03-25", "solution": "Upgrade to version 8.0.24 or above.", "title": "Improper Certificate Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b", "https://www.openssl.org/news/secadv/20210325.txt", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", "https://security.netapp.com/advisory/ntap-20210326-0006/", "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", "http://www.openwall.com/lists/oss-security/2021/03/27/1", "http://www.openwall.com/lists/oss-security/2021/03/27/2", "http://www.openwall.com/lists/oss-security/2021/03/28/3", "http://www.openwall.com/lists/oss-security/2021/03/28/4", "https://security.gentoo.org/glsa/202103-03", "https://www.tenable.com/security/tns-2021-05", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", "https://www.tenable.com/security/tns-2021-08", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356", "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html", "https://www.tenable.com/security/tns-2021-09", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "https://www.oracle.com/security-alerts/cpuapr2022.html" ], "uuid": "31bd2f89-2664-4eb5-86a2-f3670f4585f6" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1k", "versionStartIncluding": "1.1.1h", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.3", "versionStartIncluding": "8.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "versionStartIncluding": "8.0.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.33", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "18.1.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.59", "versionStartIncluding": "8.57", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1.0-17sv", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.0.1-r1456", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.6.24", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "15.14.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "14.16.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.22.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "10.24.1", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "ID": "CVE-2021-3450" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-295" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b", "refsource": "CONFIRM", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "name": "https://www.openssl.org/news/secadv/20210325.txt", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "refsource": "CISCO", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "name": "https://security.netapp.com/advisory/ntap-20210326-0006/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "name": "[oss-security] 20210327 OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "name": "[oss-security] 20210327 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "name": "[oss-security] 20210328 Re: OpenSSL 1.1.1 CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT, CVE-2021-3449 NULL pointer deref in signature_algorithms processing", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "name": "GLSA-202103-03", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202103-03" }, { "name": "https://www.tenable.com/security/tns-2021-05", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-05" }, { "name": "FEDORA-2021-cbf14ab8f9", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/" }, { "name": "https://www.tenable.com/security/tns-2021-08", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-08" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html", "refsource": "MISC", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "name": "https://www.tenable.com/security/tns-2021-09", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2021-09" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2 } }, "lastModifiedDate": "2023-08-04T17:06Z", "publishedDate": "2021-03-25T15:15Z" } } }
var-202103-1463
Vulnerability from variot
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
-
fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
-
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
-
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
-
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
-
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
-
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
-
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
-
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
-
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
-
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
-
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
-
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Bugs:
-
RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
-
cluster became offline after apiserver health check (BZ# 1942589)
-
Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
- grafana: Snapshot authentication bypass (CVE-2021-39226)
- golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
- nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
- golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
- grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
- grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - oc whoami --show-console
should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the --max-icsp-size
flag of oc adm catalog mirror
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform
1976894 - Unidling a StatefulSet does not work as expected
1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases
1977414 - Build Config timed out waiting for condition 400: Bad Request
1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus
1978528 - systemd-coredump started and failed intermittently for unknown reasons
1978581 - machine-config-operator: remove runlevel from mco namespace
1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable
1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9
1979966 - OCP builds always fail when run on RHEL7 nodes
1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading
1981549 - Machine-config daemon does not recover from broken Proxy configuration
1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]
1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues
1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page
1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands
1982662 - Workloads - DaemonSets - Add storage: i18n misses
1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters
1983758 - upgrades are failing on disruptive tests
1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma"
1984592 - global pull secret not working in OCP4.7.4+ for additional private registries
1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs
1985486 - Cluster Proxy not used during installation on OSP with Kuryr
1985724 - VM Details Page missing translations
1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted
1985933 - Downstream image registry recommendation
1985965 - oVirt CSI driver does not report volume stats
1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding"
1986237 - "MachineNotYetDeleted" in Pending state , alert not fired
1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid"
1986302 - console continues to fetch prometheus alert and silences for normal user
1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI
1986338 - error creating list of resources in Import YAML
1986502 - yaml multi file dnd duplicates previous dragged files
1986819 - fix string typos for hot-plug disks
1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure
1987136 - Declare operatorframework.io/arch. labels for all operators
1987257 - Go-http-client user-agent being used for oc adm mirror requests
1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold
1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP
1988406 - SSH key dropped when selecting "Customize virtual machine" in UI
1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade
1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server"
1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs
1989438 - expected replicas is wrong
1989502 - Developer Catalog is disappearing after short time
1989843 - 'More' and 'Show Less' functions are not translated on several page
1990014 - oc debug Upgradeable: false
when HA workload is incorrectly spread
1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole
1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN
1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down
1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page
1996647 - Provide more useful degraded message in auth operator on DNS errors
1996736 - Large number of 501 lr-policies in INCI2 env
1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes
1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP
1996928 - Enable default operator indexes on ARM
1997028 - prometheus-operator update removes env var support for thanos-sidecar
1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used
1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller.
1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI
1997269 - Have to refresh console to install kube-descheduler
1997478 - Storage operator is not available after reboot cluster instances
1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
1997967 - storageClass is not reserved from default wizard to customize wizard
1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order
1998038 - [e2e][automation] add tests for UI for VM disk hot-plug
1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus
1998174 - Create storageclass gp3-csi after install ocp cluster on aws
1998183 - "r: Bad Gateway" info is improper
1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected
1998377 - Filesystem table head is not full displayed in disk tab
1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory
1998519 - Add fstype when create localvolumeset instance on web console
1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses
1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page
1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
1999091 - Console update toast notification can appear multiple times
1999133 - removing and recreating static pod manifest leaves pod in error state
1999246 - .indexignore is not ingore when oc command load dc configuration
1999250 - ArgoCD in GitOps operator can't manage namespaces
1999255 - ovnkube-node always crashes out the first time it starts
1999261 - ovnkube-node log spam (and security token leak?)
1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page
1999314 - console-operator is slow to mark Degraded as False once console starts working
1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)
1999556 - "master" pool should be updated before the CVO reports available at the new version occurred
1999578 - AWS EFS CSI tests are constantly failing
1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages
1999619 - cloudinit is malformatted if a user sets a password during VM creation flow
1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow
1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined
1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub)
1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource
1999771 - revert "force cert rotation every couple days for development" in 4.10
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
1999796 - Openshift Console Helm
tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace.
1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions
1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form
1999983 - No way to clear upload error from template boot source
2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter
2000096 - Git URL is not re-validated on edit build-config form reload
2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig
2000236 - Confusing usage message from dynkeepalived CLI
2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported
2000430 - bump cluster-api-provider-ovirt version in installer
2000450 - 4.10: Enable static PV multi-az test
2000490 - All critical alerts shipped by CMO should have links to a runbook
2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)
2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster
2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled
2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console
2000754 - IPerf2 tests should be lower
2000846 - Structure logs in the entire codebase of Local Storage Operator
2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24
2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM
2000938 - CVO does not respect changes to a Deployment strategy
2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy
2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone
2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole
2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error
2001337 - Details Card in ODF Dashboard mentions OCS
2001339 - fix text content hotplug
2001413 - [e2e][automation] add/delete nic and disk to template
2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log
2001442 - Empty termination.log file for the kube-apiserver has too permissive mode
2001479 - IBM Cloud DNS unable to create/update records
2001566 - Enable alerts for prometheus operator in UWM
2001575 - Clicking on the perspective switcher shows a white page with loader
2001577 - Quick search placeholder is not displayed properly when the search string is removed
2001578 - [e2e][automation] add tests for vm dashboard tab
2001605 - PVs remain in Released state for a long time after the claim is deleted
2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options
2001620 - Cluster becomes degraded if it can't talk to Manila
2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF
2001761 - Unable to apply cluster operator storage for SNO on GCP platform.
2001765 - Some error message in the log of diskmaker-manager caused confusion
2001784 - show loading page before final results instead of showing a transient message No log files exist
2001804 - Reload feature on Environment section in Build Config form does not work properly
2001810 - cluster admin unable to view BuildConfigs in all namespaces
2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well
2001823 - OCM controller must update operator status
2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start
2001835 - Could not select image tag version when create app from dev console
2001855 - Add capacity is disabled for ocs-storagecluster
2001856 - Repeating event: MissingVersion no image found for operand pod
2001959 - Side nav list borders don't extend to edges of container
2002007 - Layout issue on "Something went wrong" page
2002010 - ovn-kube may never attempt to retry a pod creation
2002012 - Cannot change volume mode when cloning a VM from a template
2002027 - Two instances of Dotnet helm chart show as one in topology
2002075 - opm render does not automatically pulling in the image(s) used in the deployments
2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster
2002125 - Network policy details page heading should be updated to Network Policy details
2002133 - [e2e][automation] add support/virtualization and improve deleteResource
2002134 - [e2e][automation] add test to verify vm details tab
2002215 - Multipath day1 not working on s390x
2002238 - Image stream tag is not persisted when switching from yaml to form editor
2002262 - [vSphere] Incorrect user agent in vCenter sessions list
2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector
2002276 - OLM fails to upgrade operators immediately
2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods
2002354 - Missing DU configuration "Done" status reporting during ZTP flow
2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs
2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation
2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN
2002397 - Resources search is inconsistent
2002434 - CRI-O leaks some children PIDs
2002443 - Getting undefined error on create local volume set page
2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy
2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods.
2002559 - User preference for topology list view does not follow when a new namespace is created
2002567 - Upstream SR-IOV worker doc has broken links
2002588 - Change text to be sentence case to align with PF
2002657 - ovn-kube egress IP monitoring is using a random port over the node network
2002713 - CNO: OVN logs should have millisecond resolution
2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event
2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite
2002763 - Two storage systems getting created with external mode RHCS
2002808 - KCM does not use web identity credentials
2002834 - Cluster-version operator does not remove unrecognized volume mounts
2002896 - Incorrect result return when user filter data by name on search page
2002950 - Why spec.containers.command is not created with "oc create deploymentconfig Create VM
missing permissions alert
2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere
2034300 - Du validator policy is NonCompliant after DU configuration completed
2034319 - Negation constraint is not validating packages
2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology
2034350 - The CNO should implement the Whereabouts IP reconciliation cron job
2034362 - update description of disk interface
2034398 - The Whereabouts IPPools CRD should include the podref field
2034409 - Default CatalogSources should be pointing to 4.10 index images
2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics
2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode
2034460 - Summary: cloud-network-config-controller does not account for different environment
2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true
2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly
2034493 - Change cluster version operator log level
2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list
2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6
2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer
2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART
2034537 - Update team
2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds
2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success
2034577 - Current OVN gateway mode should be reflected on node annotation as well
2034621 - context menu not popping up for application group
2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10
2034624 - Warn about unsupported CSI driver in vsphere operator
2034647 - missing volumes list in snapshot modal
2034648 - Rebase openshift-controller-manager to 1.23
2034650 - Rebase openshift/builder to 1.23
2034705 - vSphere: storage e2e tests logging configuration data
2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail.
2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment
2034785 - ptpconfig with summary_interval cannot be applied
2034823 - RHEL9 should be starred in template list
2034838 - An external router can inject routes if no service is added
2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent
2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty
2034881 - Cloud providers components should use K8s 1.23 dependencies
2034884 - ART cannot build the image because it tries to download controller-gen
2034889 - oc adm prune deployments
does not work
2034898 - Regression in recently added Events feature
2034957 - update openshift-apiserver to kube 1.23.1
2035015 - ClusterLogForwarding CR remains stuck remediating forever
2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster
2035141 - [RFE] Show GPU/Host devices in template's details tab
2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC
2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting
2035199 - IPv6 support in mtu-migration-dispatcher.yaml
2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing
2035250 - Peering with ebgp peer over multi-hops doesn't work
2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices
2035315 - invalid test cases for AWS passthrough mode
2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env
2035321 - Add Sprint 211 translations
2035326 - [ExternalCloudProvider] installation with additional network on workers fails
2035328 - Ccoctl does not ignore credentials request manifest marked for deletion
2035333 - Kuryr orphans ports on 504 errors from Neutron
2035348 - Fix two grammar issues in kubevirt-plugin.json strings
2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets
2035409 - OLM E2E test depends on operator package that's no longer published
2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address
2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1'
2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster
2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page
2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers
2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class
2035602 - [e2e][automation] add tests for Virtualization Overview page cards
2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly
2035704 - RoleBindings list page filter doesn't apply
2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing.
2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed
2035772 - AccessMode and VolumeMode is not reserved for customize wizard
2035847 - Two dashes in the Cronjob / Job pod name
2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml
2035882 - [BIOS setting values] Create events for all invalid settings in spec
2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests”
2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen
2035927 - Cannot enable HighNodeUtilization scheduler profile
2035933 - volume mode and access mode are empty in customize wizard review tab
2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods
2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation
2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error
2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential
2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend
2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes
2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23
2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23
2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments
2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists
2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected
2036826 - oc adm prune deployments
can prune the RC/RS
2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform
2036861 - kube-apiserver is degraded while enable multitenant
2036937 - Command line tools page shows wrong download ODO link
2036940 - oc registry login fails if the file is empty or stdout
2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container
2036989 - Route URL copy to clipboard button wraps to a separate line by itself
2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters
2036993 - Machine API components should use Go lang version 1.17
2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log.
2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api
2037073 - Alertmanager container fails to start because of startup probe never being successful
2037075 - Builds do not support CSI volumes
2037167 - Some log level in ibm-vpc-block-csi-controller are hard code
2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles
2037182 - PingSource badge color is not matched with knativeEventing color
2037203 - "Running VMs" card is too small in Virtualization Overview
2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly
2037237 - Add "This is a CD-ROM boot source" to customize wizard
2037241 - default TTL for noobaa cache buckets should be 0
2037246 - Cannot customize auto-update boot source
2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately
2037288 - Remove stale image reference
2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources
2037483 - Rbacs for Pods within the CBO should be more restrictive
2037484 - Bump dependencies to k8s 1.23
2037554 - Mismatched wave number error message should include the wave numbers that are in conflict
2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]
2037635 - impossible to configure custom certs for default console route in ingress config
2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8
2037638 - Builds do not support CSI volumes as volume sources
2037664 - text formatting issue in Installed Operators list table
2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037801 - Serverless installation is failing on CI jobs for e2e tests
2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format
2037856 - use lease for leader election
2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10
2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests
2037904 - upgrade operator deployment failed due to memory limit too low for manager container
2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]
2038034 - non-privileged user cannot see auto-update boot source
2038053 - Bump dependencies to k8s 1.23
2038088 - Remove ipa-downloader references
2038160 - The default
project missed the annotation : openshift.io/node-selector: ""
2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional
2038196 - must-gather is missing collecting some metal3 resources
2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)
2038253 - Validator Policies are long lived
2038272 - Failures to build a PreprovisioningImage are not reported
2038384 - Azure Default Instance Types are Incorrect
2038389 - Failing test: [sig-arch] events should not repeat pathologically
2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket
2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips
2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained
2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect
2038663 - update kubevirt-plugin OWNERS
2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new"
2038705 - Update ptp reviewers
2038761 - Open Observe->Targets page, wait for a while, page become blank
2038768 - All the filters on the Observe->Targets page can't work
2038772 - Some monitors failed to display on Observe->Targets page
2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node
2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces
2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard
2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation
2038864 - E2E tests fail because multi-hop-net was not created
2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console
2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured
2038968 - Move feature gates from a carry patch to openshift/api
2039056 - Layout issue with breadcrumbs on API explorer page
2039057 - Kind column is not wide enough in API explorer page
2039064 - Bulk Import e2e test flaking at a high rate
2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled
2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters
2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost
2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator
2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade
2039227 - Improve image customization server parameter passing during installation
2039241 - Improve image customization server parameter passing during installation
2039244 - Helm Release revision history page crashes the UI
2039294 - SDN controller metrics cannot be consumed correctly by prometheus
2039311 - oc Does Not Describe Build CSI Volumes
2039315 - Helm release list page should only fetch secrets for deployed charts
2039321 - SDN controller metrics are not being consumed by prometheus
2039330 - Create NMState button doesn't work in OperatorHub web console
2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations
2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters.
2039359 - oc adm prune deployments
can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead
2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced
2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message
2040150 - Update ConfigMap keys for IBM HPCS
2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth
2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository
2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp
2040376 - "unknown instance type" error for supported m6i.xlarge instance
2040394 - Controller: enqueue the failed configmap till services update
2040467 - Cannot build ztp-site-generator container image
2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4
2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps
2040535 - Auto-update boot source is not available in customize wizard
2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name
2040603 - rhel worker scaleup playbook failed because missing some dependency of podman
2040616 - rolebindings page doesn't load for normal users
2040620 - [MAPO] Error pulling MAPO image on installation
2040653 - Topology sidebar warns that another component is updated while rendering
2040655 - User settings update fails when selecting application in topology sidebar
2040661 - Different react warnings about updating state on unmounted components when leaving topology
2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation
2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi
2040694 - Three upstream HTTPClientConfig struct fields missing in the operator
2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers
2040710 - cluster-baremetal-operator cannot update BMC subscription CR
2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms
2040782 - Import YAML page blocks input with more then one generateName attribute
2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute
2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator
2040793 - Fix snapshot e2e failures
2040880 - do not block upgrades if we can't connect to vcenter
2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10
2041093 - autounattend.xml missing
2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates
2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped"
2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23
2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller
2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener
2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud
2041466 - Kubedescheduler version is missing from the operator logs
2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses
2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)
2041492 - Spacing between resources in inventory card is too small
2041509 - GCP Cloud provider components should use K8s 1.23 dependencies
2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook
2041541 - audit: ManagedFields are dropped using API not annotation
2041546 - ovnkube: set election timer at RAFT cluster creation time
2041554 - use lease for leader election
2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected"
2041583 - etcd and api server cpu mask interferes with a guaranteed workload
2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure
2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation
2041620 - bundle CSV alm-examples does not parse
2041641 - Fix inotify leak and kubelet retaining memory
2041671 - Delete templates leads to 404 page
2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category
2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled
2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint
2041763 - The Observe > Alerting pages no longer have their default sort order applied
2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken
2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied
2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster
2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases
2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist
2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen
2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile
2041999 - [PROXY] external dns pod cannot recognize custom proxy CA
2042001 - unexpectedly found multiple load balancers
2042029 - kubedescheduler fails to install completely
2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters
2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs
2042059 - update discovery burst to reflect lots of CRDs on openshift clusters
2042069 - Revert toolbox to rhcos-toolbox
2042169 - Can not delete egressnetworkpolicy in Foreground propagation
2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool
2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud
2042274 - Storage API should be used when creating a PVC
2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection
2042366 - Lifecycle hooks should be independently managed
2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway
2042382 - [e2e][automation] CI takes more then 2 hours to run
2042395 - Add prerequisites for active health checks test
2042438 - Missing rpms in openstack-installer image
2042466 - Selection does not happen when switching from Topology Graph to List View
2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver
2042567 - insufficient info on CodeReady Containers configuration
2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk
2042619 - Overview page of the console is broken for hypershift clusters
2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running
2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud
2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud
2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly
2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)
2042851 - Create template from SAP HANA template flow - VM is created instead of a new template
2042906 - Edit machineset with same machine deletion hook name succeed
2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal"
2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways'
2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
2043043 - Cluster Autoscaler should use K8s 1.23 dependencies
2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)
2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects".
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2044201 - Templates golden image parameters names should be supported
2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]
2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied"
2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects
2044347 - Bump to kubernetes 1.23.3
2044481 - collect sharedresource cluster scoped instances with must-gather
2044496 - Unable to create hardware events subscription - failed to add finalizers
2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
2044680 - Additional libovsdb performance and resource consumption fixes
2044704 - Observe > Alerting pages should not show runbook links in 4.10
2044717 - [e2e] improve tests for upstream test environment
2044724 - Remove namespace column on VM list page when a project is selected
2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff
2044808 - machine-config-daemon-pull.service: use cp
instead of cat
when extracting MCD in OKD
2045024 - CustomNoUpgrade alerts should be ignored
2045112 - vsphere-problem-detector has missing rbac rules for leases
2045199 - SnapShot with Disk Hot-plug hangs
2045561 - Cluster Autoscaler should use the same default Group value as Cluster API
2045591 - Reconciliation of aws pod identity mutating webhook did not happen
2045849 - Add Sprint 212 translations
2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10
2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin
2045916 - [IBMCloud] Default machine profile in installer is unreliable
2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment
2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify
2046137 - oc output for unknown commands is not human readable
2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance
2046297 - Bump DB reconnect timeout
2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations
2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors
2046626 - Allow setting custom metrics for Ansible-based Operators
2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud
2047025 - Installation fails because of Alibaba CSI driver operator is degraded
2047190 - Bump Alibaba CSI driver for 4.10
2047238 - When using communities and localpreferences together, only localpreference gets applied
2047255 - alibaba: resourceGroupID not found
2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions
2047317 - Update HELM OWNERS files under Dev Console
2047455 - [IBM Cloud] Update custom image os type
2047496 - Add image digest feature
2047779 - do not degrade cluster if storagepolicy creation fails
2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2047929 - use lease for leader election
2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services
2048048 - Application tab in User Preferences dropdown menus are too wide.
2048050 - Topology list view items are not highlighted on keyboard navigation
2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value
2048413 - Bond CNI: Failed to attach Bond NAD to pod
2048443 - Image registry operator panics when finalizes config deletion
2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*
2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt
2048598 - Web terminal view is broken
2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure
2048891 - Topology page is crashed
2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class
2049043 - Cannot create VM from template
2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2049886 - Placeholder bug for OCP 4.10.0 metadata release
2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning
2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2
2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0
2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension'
2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]
2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members
2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes
2050370 - alert data for burn budget needs to be updated to prevent regression
2050393 - ZTP missing support for local image registry and custom machine config
2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud
2050737 - Remove metrics and events for master port offsets
2050801 - Vsphere upi tries to access vsphere during manifests generation phase
2050883 - Logger object in LSO does not log source location accurately
2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit
2052062 - Whereabouts should implement client-go 1.22+
2052125 - [4.10] Crio appears to be coredumping in some scenarios
2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config
2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manger should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total
not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.
2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1
2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch
2052756 - [4.10] PVs are not being cleaned up after PVC deletion
2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format"
2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs
2053268 - inability to detect static lifecycle failure
2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates
2053323 - OpenShift-Ansible BYOH Unit Tests are Broken
2053339 - Remove dev preview badge from IBM FlashSystem deployment windows
2053751 - ztp-site-generate container is missing convenience entrypoint
2053945 - [4.10] Failed to apply sriov policy on intel nics
2054109 - Missing "app" label
2054154 - RoleBinding in project without subject is causing "Project access" page to fail
2054244 - Latest pipeline run should be listed on the top of the pipeline run list
2054288 - console-master-e2e-gcp-console is broken
2054562 - DPU network operator 4.10 branch need to sync with master
2054897 - Unable to deploy hw-event-proxy operator
2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently
2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line
2055371 - Remove Check which enforces summary_interval must match logSyncInterval
2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11
2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API
2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured
2056479 - ovirt-csi-driver-node pods are crashing intermittently
2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope"
2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes"
2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs
2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation
2056948 - post 1.23 rebase: regression in service-load balancer reliability
2057438 - Service Level Agreement (SLA) always show 'Unknown'
2057721 - Fix Proxy support in RHACM 2.4.2
2057724 - Image creation fails when NMstateConfig CR is empty
2058641 - [4.10] Pod density test causing problems when using kube-burner
2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install
2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials
2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc
- References:
https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fixes:
-
RHACM 2.1.6 images (BZ#1940581)
-
When generating the import cluster string, it can include unescaped characters (BZ#1934184)
-
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
- golang: net: lookup functions may return invalid host names (CVE-2021-33195)
- golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
- golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1463", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "storagegrid", "scope": "eq", "trust": 2.0, "vendor": "netapp", "version": null }, { "model": "capture client", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "3.6.24" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "18.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.24.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.1.0.0" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "nessus agent", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "8.2.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1-r1456" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": null }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "19.0" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "peoplesoft enterprise peopletools", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "windriver", "version": "17.0" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "email security", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.0.11" }, { "model": "peoplesoft enterprise peopletools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1h" }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "nessus agent", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.2.3" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3450" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1k", "versionStartIncluding": "1.1.1h", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus_agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.3", "versionStartIncluding": "8.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "versionStartIncluding": "8.0.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.33", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.23", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "18.1.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.59", "versionStartIncluding": "8.57", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1.0-17sv", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.0.1-r1456", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.11", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sonicwall:capture_client:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.6.24", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "15.14.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "14.16.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.22.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "10.24.1", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3450" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" } ], "trust": 0.9 }, "cve": "CVE-2021-3450", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-388430", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-3450", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-3450", "trust": 1.0, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-388430", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-3450", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. \nExploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID: RHSA-2022:0056-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0056\nIssue date: 2022-03-10\nCVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027 is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027 is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\" in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027 is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027 ENV which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation] add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer: ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10] sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs : Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure - Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error \"unable to pull manifest from example.com/busy.box:v5 invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-3450" }, { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3450", "trust": 2.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.2 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2021-08", "trust": 1.2 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.2 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.2 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388430", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-22-069-09", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-3450", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163747", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166279", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164192", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "id": "VAR-202103-1463", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388430" } ], "trust": 0.38583214499999996 }, "last_update_date": "2024-07-23T21:05:39.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2021/03/25/openssl_bug_fix/" }, { "title": "Red Hat: CVE-2021-3450", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-3450" }, { "title": "IBM: Security Bulletin: OpenSSL Vulnerabilities Affect IBM Sterling Connect:Express for UNIX (CVE-2021-3449, CVE-2021-3450)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=084930e972e3fa390ca483e019684fa8" }, { "title": "Arch Linux Advisories: [ASA-202103-10] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202103-10" }, { "title": "Amazon Linux 2: ALAS2-2021-1622", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1622" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-3450 log" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-openssl-2021-ghy28djd" }, { "title": "Tenable Security Advisories: [R1] Nessus 8.13.2 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-05" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-117" }, { "title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119" }, { "title": "IBM: Security Bulletin: Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=928e1f86fc9400462623e646ce4f11d9" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "yr_of_the_jellyfish", "trust": 0.1, "url": "https://github.com/rnbochsr/yr_of_the_jellyfish " }, { "title": "", "trust": 0.1, "url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories " }, { "title": "tekton-image-scan-trivy", "trust": 0.1, "url": "https://github.com/vinamra28/tekton-image-scan-trivy " }, { "title": "TASSL-1.1.1k", "trust": 0.1, "url": "https://github.com/jntass/tassl-1.1.1k " }, { "title": "", "trust": 0.1, "url": "https://github.com/scholarnishu/trivy-by-aquasecurity " }, { "title": "", "trust": 0.1, "url": "https://github.com/teresaweber685/book_list " }, { "title": "", "trust": 0.1, "url": "https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc " }, { "title": "", "trust": 0.1, "url": "https://github.com/fredrkl/trivy-demo " }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-3450" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.2, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.2, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.2, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-08" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.2, "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html" }, { "trust": 1.2, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.2, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.9, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/295.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28469" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29418" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33909" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32399" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23369" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23368" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11668" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23364" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23383" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33033" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20934" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3016" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21272" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29477" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27292" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33910" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30761" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27781" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0055" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41190" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25660" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21684" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39226" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44717" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9952" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25677" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35149" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1199" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3703" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388430" }, { "db": "VULMON", "id": "CVE-2021-3450" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163747" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "166279" }, { "db": "PACKETSTORM", "id": "162183" }, { "db": "PACKETSTORM", "id": "162337" }, { "db": "PACKETSTORM", "id": "162196" }, { "db": "PACKETSTORM", "id": "162201" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2021-03-25T00:00:00", "db": "VULMON", "id": "CVE-2021-3450" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-08-06T14:02:37", "db": "PACKETSTORM", "id": "163747" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2022-03-11T16:38:38", "db": "PACKETSTORM", "id": "166279" }, { "date": "2021-04-14T16:40:32", "db": "PACKETSTORM", "id": "162183" }, { "date": "2021-04-26T19:21:56", "db": "PACKETSTORM", "id": "162337" }, { "date": "2021-04-15T13:49:54", "db": "PACKETSTORM", "id": "162196" }, { "date": "2021-04-15T13:50:39", "db": "PACKETSTORM", "id": "162201" }, { "date": "2021-09-17T16:04:56", "db": "PACKETSTORM", "id": "164192" }, { "date": "2021-03-25T15:15:13.560000", "db": "NVD", "id": "CVE-2021-3450" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-28T00:00:00", "db": "VULHUB", "id": "VHN-388430" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-3450" }, { "date": "2023-11-07T03:38:00.923000", "db": "NVD", "id": "CVE-2021-3450" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2021-2021-01", "sources": [ { "db": "PACKETSTORM", "id": "162694" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }
rhsa-2021_1202
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1202", "url": "https://access.redhat.com/errata/RHSA-2021:1202" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1202.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update", "tracking": { "current_release_date": "2024-11-05T23:27:27+00:00", "generator": { "date": "2024-11-05T23:27:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1202", "initial_release_date": "2021-04-14T18:02:04+00:00", "revision_history": [ { "date": "2021-04-14T18:02:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T18:02:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 3.1 for RHEL 7", "product": { "name": "Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "product": { "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "product_id": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-24.redhat_24.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product": { "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product_id": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.23-24.redhat_24.ep7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product": { "name": "tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product_id": "tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.23-24.redhat_24.ep7.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src" }, "product_reference": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64" }, "product_reference": "tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" }, "product_reference": "tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JWS-3.1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T18:02:04+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1202" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T18:02:04+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1202" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.23-24.redhat_24.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.23-24.redhat_24.ep7.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1195
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Red Hat JBoss Web Server 5.4.2 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4.2 serves as a replacement for Red Hat JBoss Web Server 5.4.1, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1195", "url": "https://access.redhat.com/errata/RHSA-2021:1195" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1195.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.4.2 Security Update", "tracking": { "current_release_date": "2024-11-05T23:27:32+00:00", "generator": { "date": "2024-11-05T23:27:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1195", "initial_release_date": "2021-04-14T14:48:19+00:00", "revision_history": [ { "date": "2021-04-14T14:48:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T14:48:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 5.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Web Server 5.4 for RHEL 7 Server", "product_id": "7Server-JWS-5.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.4::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 5.4 for RHEL 8", "product": { "name": "Red Hat JBoss Web Server 5.4 for RHEL 8", "product_id": "8Base-JWS-5.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "product": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "product_id": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.25-4.redhat_4.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "product": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "product_id": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.25-4.redhat_4.el8jws?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "product": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "product_id": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.25-4.redhat_4.el7jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.25-4.redhat_4.el7jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "product": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "product_id": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.25-4.redhat_4.el8jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.25-4.redhat_4.el8jws?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src as a component of Red Hat JBoss Web Server 5.4 for RHEL 7 Server", "product_id": "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src" }, "product_reference": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.4 for RHEL 7 Server", "product_id": "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64" }, "product_reference": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "relates_to_product_reference": "7Server-JWS-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.4 for RHEL 7 Server", "product_id": "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "relates_to_product_reference": "7Server-JWS-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src as a component of Red Hat JBoss Web Server 5.4 for RHEL 8", "product_id": "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src" }, "product_reference": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.4 for RHEL 8", "product_id": "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64" }, "product_reference": "jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "relates_to_product_reference": "8Base-JWS-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.4 for RHEL 8", "product_id": "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64", "relates_to_product_reference": "8Base-JWS-5.4" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T14:48:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1195" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T14:48:19+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1195" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.src", "7Server-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws.x86_64", "7Server-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el7jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.src", "8Base-JWS-5.4:jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws.x86_64", "8Base-JWS-5.4:jws5-tomcat-native-debuginfo-0:1.2.25-4.redhat_4.el8jws.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1200
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1200", "url": "https://access.redhat.com/errata/RHSA-2021:1200" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1200.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update", "tracking": { "current_release_date": "2024-11-05T23:27:26+00:00", "generator": { "date": "2024-11-05T23:27:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1200", "initial_release_date": "2021-04-14T15:59:58+00:00", "revision_history": [ { "date": "2021-04-14T15:59:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T15:59:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JBCS 2.4.37 SP7", "product": { "name": "JBCS 2.4.37 SP7", "product_id": "JBCS 2.4.37 SP7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS 2.4.37 SP7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T15:59:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "JBCS 2.4.37 SP7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1200" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "JBCS 2.4.37 SP7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS 2.4.37 SP7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS 2.4.37 SP7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T15:59:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "JBCS 2.4.37 SP7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1200" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "JBCS 2.4.37 SP7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "JBCS 2.4.37 SP7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1196
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Web Server 5.4.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.4.2 serves as a replacement for Red Hat JBoss Web Server 5.4.1, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1196", "url": "https://access.redhat.com/errata/RHSA-2021:1196" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1196.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.4.2 Security Update", "tracking": { "current_release_date": "2024-11-05T23:27:47+00:00", "generator": { "date": "2024-11-05T23:27:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1196", "initial_release_date": "2021-04-14T14:34:26+00:00", "revision_history": [ { "date": "2021-04-14T14:34:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T14:34:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 5", "product": { "name": "Red Hat JBoss Web Server 5", "product_id": "Red Hat JBoss Web Server 5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T14:34:26+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1196" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T14:34:26+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1196" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1203
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 7 and Windows.\n\nRed Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1203", "url": "https://access.redhat.com/errata/RHSA-2021:1203" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1203.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update", "tracking": { "current_release_date": "2024-11-05T23:27:20+00:00", "generator": { "date": "2024-11-05T23:27:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1203", "initial_release_date": "2021-04-14T17:57:20+00:00", "revision_history": [ { "date": "2021-04-14T17:57:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T17:57:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 3.1", "product": { "name": "Red Hat JBoss Web Server 3.1", "product_id": "Red Hat JBoss Web Server 3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T17:57:20+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1203" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T17:57:20+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1203" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1024
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openssl is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1024", "url": "https://access.redhat.com/errata/RHSA-2021:1024" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1024.json" } ], "title": "Red Hat Security Advisory: openssl security update", "tracking": { "current_release_date": "2024-11-05T23:25:35+00:00", "generator": { "date": "2024-11-05T23:25:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1024", "initial_release_date": "2021-03-30T14:40:51+00:00", "revision_history": [ { "date": "2021-03-30T14:40:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-03-30T14:40:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:25:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.1.1g-15.el8_3.src", "product": { "name": "openssl-1:1.1.1g-15.el8_3.src", "product_id": "openssl-1:1.1.1g-15.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.1.1g-15.el8_3?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-devel-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-devel-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-libs-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-libs-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-perl-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-perl-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product_id": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1g-15.el8_3?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product_id": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1g-15.el8_3?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-devel-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-devel-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-libs-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-libs-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-perl-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-perl-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product_id": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1g-15.el8_3?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-devel-1:1.1.1g-15.el8_3.i686", "product": { "name": "openssl-devel-1:1.1.1g-15.el8_3.i686", "product_id": "openssl-devel-1:1.1.1g-15.el8_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.1.1g-15.el8_3?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.1.1g-15.el8_3.i686", "product": { "name": "openssl-libs-1:1.1.1g-15.el8_3.i686", "product_id": "openssl-libs-1:1.1.1g-15.el8_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.1.1g-15.el8_3?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debugsource-1:1.1.1g-15.el8_3.i686", "product": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.i686", "product_id": "openssl-debugsource-1:1.1.1g-15.el8_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1g-15.el8_3?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "product": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "product_id": "openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1g-15.el8_3?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "product": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "product_id": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1g-15.el8_3?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-devel-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-devel-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-libs-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-libs-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-perl-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-perl-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debugsource@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "product": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "product_id": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs-debuginfo@1.1.1g-15.el8_3?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.1.1g-15.el8_3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src" }, "product_reference": "openssl-1:1.1.1g-15.el8_3.src", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686" }, "product_reference": "openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686" }, "product_reference": "openssl-debugsource-1:1.1.1g-15.el8_3.i686", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debugsource-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-devel-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.1.1g-15.el8_3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686" }, "product_reference": "openssl-devel-1:1.1.1g-15.el8_3.i686", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-devel-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-devel-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-libs-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.1.1g-15.el8_3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686" }, "product_reference": "openssl-libs-1:1.1.1g-15.el8_3.i686", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-libs-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-libs-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686" }, "product_reference": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.1.1g-15.el8_3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64" }, "product_reference": "openssl-perl-1:1.1.1g-15.el8_3.aarch64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.1.1g-15.el8_3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le" }, "product_reference": "openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.1.1g-15.el8_3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x" }, "product_reference": "openssl-perl-1:1.1.1g-15.el8_3.s390x", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.1.1g-15.el8_3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" }, "product_reference": "openssl-perl-1:1.1.1g-15.el8_3.x86_64", "relates_to_product_reference": "BaseOS-8.3.0.Z.MAIN" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-30T14:40:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1024" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-03-30T14:40:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1024" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.src", "BaseOS-8.3.0.Z.MAIN:openssl-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-debugsource-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-devel-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.i686", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-libs-debuginfo-1:1.1.1g-15.el8_3.x86_64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.aarch64", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.ppc64le", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.s390x", "BaseOS-8.3.0.Z.MAIN:openssl-perl-1:1.1.1g-15.el8_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1189
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nChanges to the redhat-release-virtualization-host component:\n\n* Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. \nIn this release, the redhat-support-tool has been added. (BZ#1928607)\n\nSecurity Fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1189", "url": "https://access.redhat.com/errata/RHSA-2021:1189" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1892573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892573" }, { "category": "external", "summary": "1895832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895832" }, { "category": "external", "summary": "1907306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907306" }, { "category": "external", "summary": "1907358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907358" }, { "category": "external", "summary": "1907746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907746" }, { "category": "external", "summary": "1918207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918207" }, { "category": "external", "summary": "1927395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927395" }, { "category": "external", "summary": "1928607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928607" }, { "category": "external", "summary": "1940845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940845" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "1942040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942040" }, { "category": "external", "summary": "1942498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942498" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1189.json" } ], "title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-05T23:27:17+00:00", "generator": { "date": "2024-11-05T23:27:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1189", "initial_release_date": "2021-04-14T11:42:19+00:00", "revision_history": [ { "date": "2021-04-14T11:42:19+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T11:42:19+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product": { "name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8" } } }, { "category": "product_name", "name": "Red Hat Virtualization 4 Hypervisor for RHEL 8", "product": { "name": "Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "scap-security-guide-0:0.1.50-1.el8ev.src", "product": { "name": "scap-security-guide-0:0.1.50-1.el8ev.src", "product_id": "scap-security-guide-0:0.1.50-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/scap-security-guide@0.1.50-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "zip-0:3.0-23.el8.src", "product": { "name": "zip-0:3.0-23.el8.src", "product_id": "zip-0:3.0-23.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/zip@3.0-23.el8?arch=src" } } }, { "category": "product_version", "name": "gcc-0:8.3.1-5.1.el8.src", "product": { "name": "gcc-0:8.3.1-5.1.el8.src", "product_id": "gcc-0:8.3.1-5.1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc@8.3.1-5.1.el8?arch=src" } } }, { "category": "product_version", "name": "make-1:4.2.1-10.el8.src", "product": { "name": "make-1:4.2.1-10.el8.src", "product_id": "make-1:4.2.1-10.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/make@4.2.1-10.el8?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "dyninst-0:10.1.0-4.el8.src", "product": { "name": "dyninst-0:10.1.0-4.el8.src", "product_id": "dyninst-0:10.1.0-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst@10.1.0-4.el8?arch=src" } } }, { "category": "product_version", "name": "isl-0:0.16.1-6.el8.src", "product": { "name": "isl-0:0.16.1-6.el8.src", "product_id": "isl-0:0.16.1-6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/isl@0.16.1-6.el8?arch=src" } } }, { "category": "product_version", "name": "libmpc-0:1.0.2-9.el8.src", "product": { "name": "libmpc-0:1.0.2-9.el8.src", "product_id": "libmpc-0:1.0.2-9.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libmpc@1.0.2-9.el8?arch=src" } } }, { "category": "product_version", "name": "libxcrypt-0:4.1.1-4.el8.src", "product": { "name": "libxcrypt-0:4.1.1-4.el8.src", "product_id": "libxcrypt-0:4.1.1-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxcrypt@4.1.1-4.el8?arch=src" } } }, { "category": "product_version", "name": "boost-0:1.66.0-10.el8.src", "product": { "name": "boost-0:1.66.0-10.el8.src", "product_id": "boost-0:1.66.0-10.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost@1.66.0-10.el8?arch=src" } } }, { "category": "product_version", "name": "tbb-0:2018.2-9.el8.src", "product": { "name": "tbb-0:2018.2-9.el8.src", "product_id": "tbb-0:2018.2-9.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tbb@2018.2-9.el8?arch=src" } } }, { "category": "product_version", "name": "imgbased-0:1.2.18-0.1.el8ev.src", "product": { "name": "imgbased-0:1.2.18-0.1.el8ev.src", "product_id": "imgbased-0:1.2.18-0.1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/imgbased@1.2.18-0.1.el8ev?arch=src" } } }, { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "product": { "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "product_id": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.5-4.el8ev?arch=src" } } }, { "category": "product_version", "name": "redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "product": { "name": "redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "product_id": "redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.4.5-20210330.0.el8_3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch", "product": { "name": "scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch", "product_id": "scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/scap-security-guide-rhv@0.1.50-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "imgbased-0:1.2.18-0.1.el8ev.noarch", "product": { "name": "imgbased-0:1.2.18-0.1.el8ev.noarch", "product_id": "imgbased-0:1.2.18-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/imgbased@1.2.18-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "product": { "name": "python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "product_id": "python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-imgbased@1.2.18-0.1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "product": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "product_id": "redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.4.5-4.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "product": { "name": "redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "product_id": "redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.4.5-20210330.0.el8_3?arch=noarch" } } }, { "category": "product_version", "name": "vim-filesystem-2:8.0.1763-15.el8.noarch", "product": { "name": "vim-filesystem-2:8.0.1763-15.el8.noarch", "product_id": "vim-filesystem-2:8.0.1763-15.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-filesystem@8.0.1763-15.el8?arch=noarch\u0026epoch=2" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "zip-0:3.0-23.el8.x86_64", "product": { "name": "zip-0:3.0-23.el8.x86_64", "product_id": "zip-0:3.0-23.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/zip@3.0-23.el8?arch=x86_64" } } }, { "category": "product_version", "name": "zip-debugsource-0:3.0-23.el8.x86_64", "product": { "name": "zip-debugsource-0:3.0-23.el8.x86_64", "product_id": "zip-debugsource-0:3.0-23.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/zip-debugsource@3.0-23.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cpp-0:8.3.1-5.1.el8.x86_64", "product": { "name": "cpp-0:8.3.1-5.1.el8.x86_64", "product_id": "cpp-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cpp@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgcc-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgcc-0:8.3.1-5.1.el8.x86_64", "product_id": "libgcc-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgcc@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgomp-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgomp-0:8.3.1-5.1.el8.x86_64", "product_id": "libgomp-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgomp@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-debugsource@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cpp-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-c%2B%2B-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-gdb-plugin-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-gfortran-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-offload-nvptx-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/gcc-plugin-devel-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libasan-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libatomic-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgcc-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgfortran-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgomp-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libgomp-offload-nvptx-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libitm-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/liblsan-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libquadmath-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libstdc%2B%2B-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libtsan-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product": { "name": "libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_id": "libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libubsan-debuginfo@8.3.1-5.1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "make-1:4.2.1-10.el8.x86_64", "product": { "name": "make-1:4.2.1-10.el8.x86_64", "product_id": "make-1:4.2.1-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/make@4.2.1-10.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "make-debugsource-1:4.2.1-10.el8.x86_64", "product": { "name": "make-debugsource-1:4.2.1-10.el8.x86_64", "product_id": "make-debugsource-1:4.2.1-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/make-debugsource@4.2.1-10.el8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "dyninst-0:10.1.0-4.el8.x86_64", "product": { "name": "dyninst-0:10.1.0-4.el8.x86_64", "product_id": "dyninst-0:10.1.0-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst@10.1.0-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "dyninst-debugsource-0:10.1.0-4.el8.x86_64", "product": { "name": "dyninst-debugsource-0:10.1.0-4.el8.x86_64", "product_id": "dyninst-debugsource-0:10.1.0-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst-debugsource@10.1.0-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "product": { "name": "dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "product_id": "dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst-debuginfo@10.1.0-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "product": { "name": "dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "product_id": "dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst-devel-debuginfo@10.1.0-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "product": { "name": "dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "product_id": "dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dyninst-testsuite-debuginfo@10.1.0-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "glibc-devel-0:2.28-127.el8_3.2.x86_64", "product": { "name": "glibc-devel-0:2.28-127.el8_3.2.x86_64", "product_id": "glibc-devel-0:2.28-127.el8_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glibc-devel@2.28-127.el8_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "glibc-headers-0:2.28-127.el8_3.2.x86_64", "product": { "name": "glibc-headers-0:2.28-127.el8_3.2.x86_64", "product_id": "glibc-headers-0:2.28-127.el8_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glibc-headers@2.28-127.el8_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "product": { "name": "glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "product_id": "glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glibc-debuginfo@2.28-127.el8_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "product": { "name": "glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "product_id": "glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/glibc-debuginfo-common@2.28-127.el8_3.2?arch=x86_64" } } }, { "category": "product_version", "name": "isl-0:0.16.1-6.el8.x86_64", "product": { "name": "isl-0:0.16.1-6.el8.x86_64", "product_id": "isl-0:0.16.1-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/isl@0.16.1-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "isl-debugsource-0:0.16.1-6.el8.x86_64", "product": { "name": "isl-debugsource-0:0.16.1-6.el8.x86_64", "product_id": "isl-debugsource-0:0.16.1-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/isl-debugsource@0.16.1-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libmpc-0:1.0.2-9.el8.x86_64", "product": { "name": "libmpc-0:1.0.2-9.el8.x86_64", "product_id": "libmpc-0:1.0.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libmpc@1.0.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libmpc-debugsource-0:1.0.2-9.el8.x86_64", "product": { "name": "libmpc-debugsource-0:1.0.2-9.el8.x86_64", "product_id": "libmpc-debugsource-0:1.0.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libmpc-debugsource@1.0.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product": { "name": "compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product_id": "compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/compat-libmpc-debuginfo@1.0.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product": { "name": "libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product_id": "libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libmpc-debuginfo@1.0.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libxcrypt-devel-0:4.1.1-4.el8.x86_64", "product": { "name": "libxcrypt-devel-0:4.1.1-4.el8.x86_64", "product_id": "libxcrypt-devel-0:4.1.1-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxcrypt-devel@4.1.1-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "product": { "name": "libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "product_id": "libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxcrypt-debugsource@4.1.1-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-date-time-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-date-time-0:1.66.0-10.el8.x86_64", "product_id": "boost-date-time-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-date-time@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-filesystem-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-filesystem-0:1.66.0-10.el8.x86_64", "product_id": "boost-filesystem-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-filesystem@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-system-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-system-0:1.66.0-10.el8.x86_64", "product_id": "boost-system-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-system@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-timer-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-timer-0:1.66.0-10.el8.x86_64", "product_id": "boost-timer-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-timer@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-debugsource-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-debugsource-0:1.66.0-10.el8.x86_64", "product_id": "boost-debugsource-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-debugsource@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-atomic-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-chrono-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-container-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-context-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-coroutine-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-date-time-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-doctools-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-fiber-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-filesystem-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-graph-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-graph-mpich-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-graph-openmpi-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-iostreams-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-locale-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-log-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-math-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-mpich-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-mpich-python3-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-numpy3-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-openmpi-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-openmpi-python3-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-program-options-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-python3-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-random-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-regex-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-serialization-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-signals-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-stacktrace-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-system-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-test-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-thread-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-timer-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-type_erasure-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "product": { "name": "boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "product_id": "boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/boost-wave-debuginfo@1.66.0-10.el8?arch=x86_64" } } }, { "category": "product_version", "name": "tbb-0:2018.2-9.el8.x86_64", "product": { "name": "tbb-0:2018.2-9.el8.x86_64", "product_id": "tbb-0:2018.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tbb@2018.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "tbb-debugsource-0:2018.2-9.el8.x86_64", "product": { "name": "tbb-debugsource-0:2018.2-9.el8.x86_64", "product_id": "tbb-debugsource-0:2018.2-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tbb-debugsource@2018.2-9.el8?arch=x86_64" } } }, { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "product": { "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "product_id": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.5-4.el8ev?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "perf-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "perf-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product": { "name": "python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_id": "python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-240.22.1.el8_3?arch=x86_64" } } }, { "category": "product_version", "name": "vim-common-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-common-2:8.0.1763-15.el8.x86_64", "product_id": "vim-common-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-common@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-enhanced-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-enhanced-2:8.0.1763-15.el8.x86_64", "product_id": "vim-enhanced-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-enhanced@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-debugsource-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-debugsource-2:8.0.1763-15.el8.x86_64", "product_id": "vim-debugsource-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-debugsource@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "product_id": "vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-X11-debuginfo@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "product_id": "vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-common-debuginfo@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-debuginfo-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-debuginfo-2:8.0.1763-15.el8.x86_64", "product_id": "vim-debuginfo-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-debuginfo@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "product_id": "vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-enhanced-debuginfo@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } }, { "category": "product_version", "name": "vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "product": { "name": "vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "product_id": "vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/vim-minimal-debuginfo@8.0.1763-15.el8?arch=x86_64\u0026epoch=2" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "boost-0:1.66.0-10.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src" }, "product_reference": "boost-0:1.66.0-10.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-container-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-context-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-date-time-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-date-time-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-debugsource-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-debugsource-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-filesystem-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-filesystem-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-graph-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-locale-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-log-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-math-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-python3-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-random-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-regex-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-signals-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-system-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-system-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-system-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-test-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-thread-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-timer-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-timer-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-timer-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "boost-wave-debuginfo-0:1.66.0-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64" }, "product_reference": "boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64" }, "product_reference": "compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "cpp-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "cpp-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "cpp-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-0:10.1.0-4.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src" }, "product_reference": "dyninst-0:10.1.0-4.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-0:10.1.0-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64" }, "product_reference": "dyninst-0:10.1.0-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-debuginfo-0:10.1.0-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64" }, "product_reference": "dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-debugsource-0:10.1.0-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64" }, "product_reference": "dyninst-debugsource-0:10.1.0-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64" }, "product_reference": "dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64" }, "product_reference": "dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-0:8.3.1-5.1.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src" }, "product_reference": "gcc-0:8.3.1-5.1.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-debugsource-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "glibc-debuginfo-0:2.28-127.el8_3.2.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64" }, "product_reference": "glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64" }, "product_reference": "glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "glibc-devel-0:2.28-127.el8_3.2.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64" }, "product_reference": "glibc-devel-0:2.28-127.el8_3.2.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "glibc-headers-0:2.28-127.el8_3.2.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64" }, "product_reference": "glibc-headers-0:2.28-127.el8_3.2.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "isl-0:0.16.1-6.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src" }, "product_reference": "isl-0:0.16.1-6.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "isl-0:0.16.1-6.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64" }, "product_reference": "isl-0:0.16.1-6.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "isl-debugsource-0:0.16.1-6.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64" }, "product_reference": "isl-debugsource-0:0.16.1-6.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libasan-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgcc-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgcc-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgomp-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgomp-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libitm-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libmpc-0:1.0.2-9.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src" }, "product_reference": "libmpc-0:1.0.2-9.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libmpc-0:1.0.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64" }, "product_reference": "libmpc-0:1.0.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libmpc-debuginfo-0:1.0.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64" }, "product_reference": "libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libmpc-debugsource-0:1.0.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64" }, "product_reference": "libmpc-debugsource-0:1.0.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64" }, "product_reference": "libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libxcrypt-0:4.1.1-4.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src" }, "product_reference": "libxcrypt-0:4.1.1-4.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libxcrypt-debugsource-0:4.1.1-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64" }, "product_reference": "libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "libxcrypt-devel-0:4.1.1-4.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64" }, "product_reference": "libxcrypt-devel-0:4.1.1-4.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "make-1:4.2.1-10.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src" }, "product_reference": "make-1:4.2.1-10.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "make-1:4.2.1-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64" }, "product_reference": "make-1:4.2.1-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "make-debugsource-1:4.2.1-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64" }, "product_reference": "make-debugsource-1:4.2.1-10.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "perf-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src" }, "product_reference": "redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" }, "product_reference": "redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "tbb-0:2018.2-9.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src" }, "product_reference": "tbb-0:2018.2-9.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "tbb-0:2018.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64" }, "product_reference": "tbb-0:2018.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "tbb-debugsource-0:2018.2-9.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64" }, "product_reference": "tbb-debugsource-0:2018.2-9.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-common-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-common-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-common-debuginfo-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-debuginfo-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-debuginfo-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-debugsource-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-debugsource-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-enhanced-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-enhanced-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-filesystem-2:8.0.1763-15.el8.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch" }, "product_reference": "vim-filesystem-2:8.0.1763-15.el8.noarch", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64" }, "product_reference": "vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "zip-0:3.0-23.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src" }, "product_reference": "zip-0:3.0-23.el8.src", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "zip-0:3.0-23.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64" }, "product_reference": "zip-0:3.0-23.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "zip-debugsource-0:3.0-23.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8", "product_id": "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64" }, "product_reference": "zip-debugsource-0:3.0-23.el8.x86_64", "relates_to_product_reference": "8Base-RHV-Hypervisor-4" }, { "category": "default_component_of", "full_product_name": { "name": "imgbased-0:1.2.18-0.1.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch" }, "product_reference": "imgbased-0:1.2.18-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "imgbased-0:1.2.18-0.1.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src" }, "product_reference": "imgbased-0:1.2.18-0.1.el8ev.src", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-imgbased-0:1.2.18-0.1.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch" }, "product_reference": "python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src" }, "product_reference": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64" }, "product_reference": "redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch" }, "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "scap-security-guide-0:0.1.50-1.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src" }, "product_reference": "scap-security-guide-0:0.1.50-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" }, { "category": "default_component_of", "full_product_name": { "name": "scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)", "product_id": "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" }, "product_reference": "scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ], "known_not_affected": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T11:42:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nThe system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.", "product_ids": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1189" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ], "known_not_affected": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T11:42:19+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nThe system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.", "product_ids": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1189" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "8Base-RHV-Hypervisor-4:boost-0:1.66.0-10.el8.src", "8Base-RHV-Hypervisor-4:boost-atomic-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-chrono-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-container-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-context-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-coroutine-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-date-time-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-debugsource-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-doctools-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-fiber-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-filesystem-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-graph-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-iostreams-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-locale-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-log-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-math-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-mpich-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-numpy3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-openmpi-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-program-options-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-python3-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-random-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-regex-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-serialization-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-signals-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-stacktrace-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-system-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-test-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-thread-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-timer-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-type_erasure-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:boost-wave-debuginfo-0:1.66.0-10.el8.x86_64", "8Base-RHV-Hypervisor-4:bpftool-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:compat-libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:cpp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.src", "8Base-RHV-Hypervisor-4:dyninst-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-debugsource-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-devel-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:dyninst-testsuite-debuginfo-0:10.1.0-4.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.src", "8Base-RHV-Hypervisor-4:gcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-c++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-debugsource-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gdb-plugin-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-gfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:gcc-plugin-devel-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-debuginfo-common-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-devel-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:glibc-headers-0:2.28-127.el8_3.2.x86_64", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.src", "8Base-RHV-Hypervisor-4:isl-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:isl-debugsource-0:0.16.1-6.el8.x86_64", "8Base-RHV-Hypervisor-4:kernel-debug-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-debuginfo-common-x86_64-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-devel-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-headers-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:kernel-tools-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:libasan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libatomic-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgcc-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgfortran-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libgomp-offload-nvptx-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libitm-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:liblsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.src", "8Base-RHV-Hypervisor-4:libmpc-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debuginfo-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libmpc-debugsource-0:1.0.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:libquadmath-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libstdc++-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libtsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libubsan-debuginfo-0:8.3.1-5.1.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-0:4.1.1-4.el8.src", "8Base-RHV-Hypervisor-4:libxcrypt-debugsource-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:libxcrypt-devel-0:4.1.1-4.el8.x86_64", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.src", "8Base-RHV-Hypervisor-4:make-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:make-debugsource-1:4.2.1-10.el8.x86_64", "8Base-RHV-Hypervisor-4:perf-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:python3-perf-debuginfo-0:4.18.0-240.22.1.el8_3.x86_64", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.src", "8Base-RHV-Hypervisor-4:tbb-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:tbb-debugsource-0:2018.2-9.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-X11-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-common-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-debugsource-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-enhanced-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:vim-filesystem-2:8.0.1763-15.el8.noarch", "8Base-RHV-Hypervisor-4:vim-minimal-debuginfo-2:8.0.1763-15.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.src", "8Base-RHV-Hypervisor-4:zip-0:3.0-23.el8.x86_64", "8Base-RHV-Hypervisor-4:zip-debugsource-0:3.0-23.el8.x86_64", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:imgbased-0:1.2.18-0.1.el8ev.src", "8Base-RHV-HypervisorBuild-4:python3-imgbased-0:1.2.18-0.1.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.src", "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.5-4.el8ev.x86_64", "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.5-4.el8ev.noarch", "8Base-RHV-HypervisorBuild-4:scap-security-guide-0:0.1.50-1.el8ev.src", "8Base-RHV-HypervisorBuild-4:scap-security-guide-rhv-0:0.1.50-1.el8ev.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.5-20210330.0.el8_3.src", "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.5-20210330.0.el8_3.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
rhsa-2021_1199
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1199", "url": "https://access.redhat.com/errata/RHSA-2021:1199" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1199.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update", "tracking": { "current_release_date": "2024-11-05T23:27:40+00:00", "generator": { "date": "2024-11-05T23:27:40+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1199", "initial_release_date": "2021-04-14T15:56:54+00:00", "revision_history": [ { "date": "2021-04-14T15:56:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-04-14T15:56:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:27:40+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-6.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-20.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-37.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-5.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-70.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-33.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-14.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-60.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-13.redhat_1.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-20.Final_redhat_2.jbcs.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1g-6.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-20.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-20.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-37.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-37.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-37.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-5.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-5.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-70.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-70.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-70.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-33.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-33.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-60.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-60.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-13.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-13.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-13.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.14-20.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.14-20.Final_redhat_2.jbcs.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-70.jbcs.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "the OpenSSL project" ] }, { "names": [ "Nokia" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3449", "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941554" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: NULL pointer dereference in signature_algorithms processing", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects OpenSSL 1.1.1, older versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3449" }, { "category": "external", "summary": "RHBZ#1941554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3449", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T15:56:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1199" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling TLS renegotiation on servers compiled with OpenSSL. It is enabled by default, but can be disabled for servers which do not require it and can be used to mitigate this flaw. Versions of httpd package shipped with Red Hat Enterprise Linux 8 have TLS renegotiation disabled by default.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: NULL pointer dereference in signature_algorithms processing" }, { "acknowledgments": [ { "names": [ "the OpenSSL Project" ] }, { "names": [ "Benjamin Kaduk" ], "summary": "Acknowledged by upstream." }, { "names": [ "Xiang Ding and others" ], "organization": "Akamai", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2021-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1941547" } ], "notes": [ { "category": "description", "text": "A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects openssl 1.1.1h and above only, older versions are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3450" }, { "category": "external", "summary": "RHBZ#1941547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941547" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20210325.txt", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "release_date": "2021-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-04-14T15:56:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1199" }, { "category": "workaround", "details": "The following conditions have to be met for an application compiled with OpenSSL to be vulnerable:\n\n- the CA trusted by the system must issue or have issued certificates that don\u0027t include basic Key Usage extension.\n- the CA certificates must not have path length constraint set to a value that would limit the certificate chain to just the subscriber certificates (i.e. CA certificate just above the subscriber cert must not have 0 as the path length constraint, and any CA above it must not have it increase by more than 1 for every level in the hierarchy)\n- the attacker needs to have access to such subscriber certificate (without basic Key Usage and linking up to CAs without path length constraints or not effectively constraining certs issued by this certificate)\n- the application under attack must use the X509_V_FLAG_X509_STRICT flag and must not set purpose for the certificate verification\n\nif any of the above conditions are not met then the application compiled with OpenSSL is not vulnerable to the CVE.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-70.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-20.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-13.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-60.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-70.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-37.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-5.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-6.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-6.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT" } ] }
wid-sec-w-2022-1303
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).\r\nGraalVM ist eine universelle virtuelle Maschine zum Ausf\u00fchren von Anwendungen, die in JavaScript, Python, Ruby, R, JVM-basierten Sprachen wie Java, Scala, Groovy, Kotlin, Clojure und LLVM-basierten Sprachen wie C und C++ geschrieben wurden.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE und Oracle GraalVM ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges\n- Hardware Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1303 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1303.json" }, { "category": "self", "summary": "WID-SEC-2022-1303 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1303" }, { "category": "external", "summary": "F5 Security Advisory K71522481 vom 2022-12-07", "url": "https://support.f5.com/csp/article/K71522481" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2021-040 vom 2021-05-07", "url": "https://downloads.avaya.com/css/P8/documents/101075694" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:1554-1 vom 2021-05-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008756.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-115 vom 2021-05-14", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-115/index.html" }, { "category": "external", "summary": "XEROX Security Advisory XRX21-008 vom 2021-05-19", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/05/cert_XRX21-008_FFPSv7-S10_DvdUsb-Bulletin_May2021.pdf" }, { "category": "external", "summary": "XEROX Security Advisory XRX21-009 vom 2021-05-19", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2021/05/cert_XRX21-009_FFPSv9-S10_DvdUsb-Bulletin_May2021.pdf" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2021 - Appendix Oracle Java SE vom 2021-04-20", "url": "https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1297 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1297" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1298 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1298" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1299 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1301 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1301" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1305 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1305" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1306 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1306" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1307 vom 2021-04-20", "url": "https://access.redhat.com/errata/RHSA-2021:1307" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1298 vom 2021-04-21", "url": "https://linux.oracle.com/errata/ELSA-2021-1298.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1297 vom 2021-04-21", "url": "https://linux.oracle.com/errata/ELSA-2021-1297.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1307 vom 2021-04-21", "url": "https://linux.oracle.com/errata/ELSA-2021-1307.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1301 vom 2021-04-21", "url": "https://linux.oracle.com/errata/ELSA-2021-1301.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1315 vom 2021-04-21", "url": "https://access.redhat.com/errata/RHSA-2021:1315" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2021-65AA196C14 vom 2021-04-22", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-65aa196c14" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2021-8B80EF64F1 vom 2021-04-22", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-8b80ef64f1" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2021-6EB9BBBF0C vom 2021-04-22", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-6eb9bbbf0c" }, { "category": "external", "summary": "Debian Security Advisory DLA-2634 vom 2021-04-23", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-4899 vom 2021-04-24", "url": "https://www.debian.org/security/2021/dsa-4899" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:1314-1 vom 2021-04-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008676.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4892-1 vom 2021-04-27", "url": "https://ubuntu.com/security/notices/USN-4892-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1447 vom 2021-04-28", "url": "https://access.redhat.com/errata/RHSA-2021:1447" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1446 vom 2021-04-28", "url": "https://access.redhat.com/errata/RHSA-2021:1446" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1445 vom 2021-04-28", "url": "https://access.redhat.com/errata/RHSA-2021:1445" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1444 vom 2021-04-28", "url": "https://access.redhat.com/errata/RHSA-2021:1444" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2021:1297 vom 2021-04-30", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2021-1297-Moderate-CentOS-7-java-11-openjdk-Security-Update-tp4646173.html" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2021:1298 vom 2021-04-30", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2021-1298-Moderate-CentOS-7-java-1-8-0-openjdk-Security-Update-tp4646174.html" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2021-034 vom 2021-05-03", "url": "https://downloads.avaya.com/css/P8/documents/101075625" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1429 vom 2021-05-05", "url": "https://access.redhat.com/errata/RHSA-2021:1429" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2021-032 vom 2021-05-04", "url": "https://downloads.avaya.com/css/P8/documents/101075638" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:1980-1 vom 2021-06-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009020.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:1989-1 vom 2021-06-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009025.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1515 vom 2021-07-13", "url": "https://alas.aws.amazon.com/ALAS-2021-1515.html" }, { "category": "external", "summary": "Juniper Security Advisory JSA11206 vom 2021-07-14", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11206\u0026cat=SIRT_1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2797-1 vom 2021-08-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009315.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2798-1 vom 2021-08-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009324.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:3007-1 vom 2021-09-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009422.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:0108-1 vom 2022-01-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010012.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:14876-1 vom 2022-01-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010022.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:0107-1 vom 2022-01-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010011.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:14875-1 vom 2022-01-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010014.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:0166-1 vom 2022-01-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-January/010052.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202209-05 vom 2022-09-07", "url": "https://security.gentoo.org/glsa/202209-05" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6755 vom 2022-09-29", "url": "https://access.redhat.com/errata/RHSA-2022:6755" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6756 vom 2022-09-29", "url": "https://access.redhat.com/errata/RHSA-2022:6756" }, { "category": "external", "summary": "HCL Article KB0100876 vom 2022-10-06", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100876" }, { "category": "external", "summary": "IBM Security Bulletin 6827849 vom 2022-10-08", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-txseries-for-multiplatforms-is-vulnerable-to-no-confidentiality-impact-high-integrity-impact-and-no-availability-impact-cve-2021-2163/" }, { "category": "external", "summary": "Trellix Knowledge Center", "url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10366" }, { "category": "external", "summary": "IBM Security Bulletin 6837645 vom 2022-11-08", "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-included-websphere-application-server-and-ibm-http-server-used-by-websphere-application-server-3/" } ], "source_lang": "en-US", "title": "Oracle Java SE: Mehrere Schwachstellen", "tracking": { "current_release_date": "2022-12-06T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:57:31.343+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1303", "initial_release_date": "2021-04-20T22:00:00.000+00:00", "revision_history": [ { "date": "2021-04-20T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-04-21T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date": "2021-04-22T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2021-04-25T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Fedora und Debian aufgenommen" }, { "date": "2021-04-26T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-04-27T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-04-28T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-05-02T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von CentOS aufgenommen" }, { "date": "2021-05-04T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von AVAYA und Red Hat aufgenommen" }, { "date": "2021-05-05T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2021-05-09T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2021-05-10T22:00:00.000+00:00", "number": "12", "summary": "Betroffene Produkte von Avaya nachgetragen" }, { "date": "2021-05-11T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-05-13T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2021-05-19T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von XEROX aufgenommen" }, { "date": "2021-06-15T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-06-17T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-07-12T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2021-07-14T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Juniper aufgenommen" }, { "date": "2021-08-22T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-09-09T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-01-18T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-01-19T23:00:00.000+00:00", "number": "23", "summary": "Korrektur" }, { "date": "2022-01-24T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-09-06T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2022-09-29T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-06T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-10-09T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-10-30T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates aufgenommen" }, { "date": "2022-11-07T23:00:00.000+00:00", "number": "30", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2022-11-10T23:00:00.000+00:00", "number": "31", "summary": "Referenz(en) aufgenommen:" }, { "date": "2022-12-06T23:00:00.000+00:00", "number": "32", "summary": "Neue Updates von F5 aufgenommen" } ], "status": "final", "version": "32" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Communication Manager", "product": { "name": "Avaya Aura Communication Manager", "product_id": "T015126", "product_identification_helper": { "cpe": "cpe:/a:avaya:communication_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } }, { "category": "product_name", "name": "Avaya Session Border Controller", "product": { "name": "Avaya Session Border Controller", "product_id": "T015520", "product_identification_helper": { "cpe": "cpe:/h:avaya:session_border_controller:-" } } }, { "category": "product_name", "name": "Avaya Web License Manager", "product": { "name": "Avaya Web License Manager", "product_id": "T016243", "product_identification_helper": { "cpe": "cpe:/a:avaya:web_license_manager:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP", "product": { "name": "F5 BIG-IP", "product_id": "T001663", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip:-" } } } ], "category": "vendor", "name": "F5" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "HCL BigFix", "product": { "name": "HCL BigFix", "product_id": "T017494", "product_identification_helper": { "cpe": "cpe:/a:hcltech:bigfix:-" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "category": "product_name", "name": "Hitachi Command Suite", "product": { "name": "Hitachi Command Suite", "product_id": "T010951", "product_identification_helper": { "cpe": "cpe:/a:hitachi:command_suite:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM TXSeries 9.1", "product": { "name": "IBM TXSeries 9.1", "product_id": "T015903", "product_identification_helper": { "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1" } } }, { "category": "product_name", "name": "IBM TXSeries 8.2", "product": { "name": "IBM TXSeries 8.2", "product_id": "T015904", "product_identification_helper": { "cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2" } } } ], "category": "product_name", "name": "TXSeries" }, { "category": "product_name", "name": "IBM Tivoli Monitoring", "product": { "name": "IBM Tivoli Monitoring", "product_id": "T000066", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_monitoring:6" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "5930", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "category": "product_name", "name": "Open Source CentOS", "product": { "name": "Open Source CentOS", "product_id": "1727", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:-" } } }, { "branches": [ { "category": "product_name", "name": "Open Source OpenJDK 1.8.0", "product": { "name": "Open Source OpenJDK 1.8.0", "product_id": "185976", "product_identification_helper": { "cpe": "cpe:/a:oracle:openjdk:1.8.0" } } }, { "category": "product_name", "name": "Open Source OpenJDK 11", "product": { "name": "Open Source OpenJDK 11", "product_id": "711976", "product_identification_helper": { "cpe": "cpe:/a:oracle:openjdk:11" } } } ], "category": "product_name", "name": "OpenJDK" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle GraalVM 19.3.5", "product": { "name": "Oracle GraalVM 19.3.5", "product_id": "T019021", "product_identification_helper": { "cpe": "cpe:/a:oracle:graalvm:19.3.5::enterprise" } } }, { "category": "product_name", "name": "Oracle GraalVM 20.3.1.2", "product": { "name": "Oracle GraalVM 20.3.1.2", "product_id": "T019022", "product_identification_helper": { "cpe": "cpe:/a:oracle:graalvm:20.3.1.2::enterprise" } } }, { "category": "product_name", "name": "Oracle GraalVM 21.0.0.2", "product": { "name": "Oracle GraalVM 21.0.0.2", "product_id": "T019023", "product_identification_helper": { "cpe": "cpe:/a:oracle:graalvm:21.0.0.2::enterprise" } } } ], "category": "product_name", "name": "GraalVM" }, { "branches": [ { "category": "product_name", "name": "Oracle Java SE 7u291", "product": { "name": "Oracle Java SE 7u291", "product_id": "T019005", "product_identification_helper": { "cpe": "cpe:/a:oracle:java_se:7u291" } } }, { "category": "product_name", "name": "Oracle Java SE 8u281", "product": { "name": "Oracle Java SE 8u281", "product_id": "T019006", "product_identification_helper": { "cpe": "cpe:/a:oracle:java_se:8u281" } } }, { "category": "product_name", "name": "Oracle Java SE 11.0.10", "product": { "name": "Oracle Java SE 11.0.10", "product_id": "T019007", "product_identification_helper": { "cpe": "cpe:/a:oracle:java_se:11.0.10" } } }, { "category": "product_name", "name": "Oracle Java SE 16", "product": { "name": "Oracle Java SE 16", "product_id": "T019008", "product_identification_helper": { "cpe": "cpe:/a:oracle:java_se:16" } } } ], "category": "product_name", "name": "Java SE" }, { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "T015361", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Trellix ePolicy Orchestrator \u003c 5.10 CU 11", "product": { "name": "Trellix ePolicy Orchestrator \u003c 5.10 CU 11", "product_id": "T024888", "product_identification_helper": { "cpe": "cpe:/a:trellix:epolicy_orchestrator:5.10_update_14" } } } ], "category": "vendor", "name": "Trellix" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "category": "product_name", "name": "Xerox FreeFlow Print Server 7", "product": { "name": "Xerox FreeFlow Print Server 7", "product_id": "T000872", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:7" } } } ], "category": "vendor", "name": "Xerox" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-2161", "notes": [ { "category": "description", "text": "In Oracle Java SE und Oracle GraalVM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T015904", "T015903", "711976", "T010951", "T015127", "T015126", "T004914", "T015520", "T017494", "T015361", "T024888", "T000872", "5930", "T001663", "398363", "185976", "T015519", "T015518", "T015516", "T019021", "T012167", "T019023", "T019022", "T016243", "T019005", "T019007", "T019006", "2951", "T002207", "T019008", "T000126", "T000066", "1727" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2161" }, { "cve": "CVE-2021-2163", "notes": [ { "category": "description", "text": "In Oracle Java SE und Oracle GraalVM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T015904", "T015903", "711976", "T010951", "T015127", "T015126", "T004914", "T015520", "T017494", "T015361", "T024888", "T000872", "5930", "T001663", "398363", "185976", "T015519", "T015518", "T015516", "T019021", "T012167", "T019023", "T019022", "T016243", "T019005", "T019007", "T019006", "2951", "T002207", "T019008", "T000126", "T000066", "1727" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2163" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Oracle Java SE und Oracle GraalVM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T015904", "T015903", "711976", "T010951", "T015127", "T015126", "T004914", "T015520", "T017494", "T015361", "T024888", "T000872", "5930", "T001663", "398363", "185976", "T015519", "T015518", "T015516", "T019021", "T012167", "T019023", "T019022", "T016243", "T019005", "T019007", "T019006", "2951", "T002207", "T019008", "T000126", "T000066", "1727" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Oracle Java SE und Oracle GraalVM existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T015904", "T015903", "711976", "T010951", "T015127", "T015126", "T004914", "T015520", "T017494", "T015361", "T024888", "T000872", "5930", "T001663", "398363", "185976", "T015519", "T015518", "T015516", "T019021", "T012167", "T019023", "T019022", "T016243", "T019005", "T019007", "T019006", "2951", "T002207", "T019008", "T000126", "T000066", "1727" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-3450" } ] }
wid-sec-w-2023-0065
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "MySQL ist ein Open Source Datenbankserver von Oracle.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0065 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0065.json" }, { "category": "self", "summary": "WID-SEC-2023-0065 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0065" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASMARIADB10.5-2023-004 vom 2023-09-27", "url": "https://alas.aws.amazon.com/AL2/ALASMARIADB10.5-2023-004.html" }, { "category": "external", "summary": "MariaDB 10.2.38 Release Notes", "url": "https://mariadb.com/kb/en/mdb-10238-rn/" }, { "category": "external", "summary": "MariaDB 10.3.29 Release Notes", "url": "https://mariadb.com/kb/en/mariadb-10329-release-notes/" }, { "category": "external", "summary": "MariaDB 10.5.10 Release Notes", "url": "https://mariadb.com/kb/en/mariadb-10510-release-notes/" }, { "category": "external", "summary": "MariaDB 10.4.19 Release Notes", "url": "https://mariadb.com/kb/en/mariadb-10419-release-notes/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4952-1 vom 2021-05-14", "url": "https://ubuntu.com/security/notices/USN-4952-1" }, { "category": "external", "summary": "Arch Linux Security Advisory ASA-202105-14 vom 2021-05-19", "url": "https://www.cybersecurity-help.cz/vdb/SB2021051922" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2021 - Appendix Oracle MySQL vom 2021-04-20", "url": "https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202105-27 vom 2021-05-26", "url": "https://security.gentoo.org/glsa/202105-27" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2605-1 vom 2021-08-04", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009249.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2617-1 vom 2021-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009251.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2616-1 vom 2021-08-05", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009258.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2634-1 vom 2021-08-06", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-August/009263.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3590 vom 2021-09-21", "url": "https://access.redhat.com/errata/RHSA-2021:3590" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-3590 vom 2021-09-23", "url": "http://linux.oracle.com/errata/ELSA-2021-3590.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5022-3 vom 2021-10-07", "url": "https://ubuntu.com/security/notices/USN-5022-3" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3811 vom 2021-10-12", "url": "https://access.redhat.com/errata/RHSA-2021:3811" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1556 vom 2022-04-27", "url": "https://access.redhat.com/errata/RHSA-2022:1556" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1557 vom 2022-04-27", "url": "https://access.redhat.com/errata/RHSA-2022:1557" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-1556 vom 2022-04-27", "url": "https://linux.oracle.com/errata/ELSA-2022-1556.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-1557 vom 2022-05-03", "url": "http://linux.oracle.com/errata/ELSA-2022-1557.html" }, { "category": "external", "summary": "Juniper Security Advisory JSA70182 vom 2023-01-12", "url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1686 vom 2023-02-23", "url": "https://alas.aws.amazon.com/ALAS-2023-1686.html" } ], "source_lang": "en-US", "title": "Oracle MySQL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-27T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:09:14.170+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0065", "initial_release_date": "2021-04-20T22:00:00.000+00:00", "revision_history": [ { "date": "2021-04-20T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-05-05T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates aufgenommen" }, { "date": "2021-05-06T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates aufgenommen" }, { "date": "2021-05-13T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-05-19T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Arch Linux aufgenommen" }, { "date": "2021-05-25T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2021-08-04T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-08-05T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-08-08T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-09-20T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-09-22T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2021-10-07T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-10-12T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-26T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-04-27T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-05-03T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-01-11T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Juniper aufgenommen" }, { "date": "2023-02-22T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-09-27T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "19" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Juniper Contrail Service Orchestration", "product": { "name": "Juniper Contrail Service Orchestration", "product_id": "T025794", "product_identification_helper": { "cpe": "cpe:/a:juniper:contrail_service_orchestration:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "MariaDB MariaDB \u003c 10.3.29", "product": { "name": "MariaDB MariaDB \u003c 10.3.29", "product_id": "T019246", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.3.29" } } }, { "category": "product_name", "name": "MariaDB MariaDB \u003c 10.2.38", "product": { "name": "MariaDB MariaDB \u003c 10.2.38", "product_id": "T019247", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.2.38" } } } ], "category": "product_name", "name": "MariaDB" } ], "category": "vendor", "name": "MariaDB" }, { "branches": [ { "category": "product_name", "name": "Open Source Arch Linux", "product": { "name": "Open Source Arch Linux", "product_id": "T013312", "product_identification_helper": { "cpe": "cpe:/o:archlinux:archlinux:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } }, { "branches": [ { "category": "product_name", "name": "Oracle MySQL \u003c= 8.0.23", "product": { "name": "Oracle MySQL \u003c= 8.0.23", "product_id": "858555", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:8.0.23" } } }, { "category": "product_name", "name": "Oracle MySQL \u003c= 5.7.33", "product": { "name": "Oracle MySQL \u003c= 5.7.33", "product_id": "858573", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:5.7.33" } } } ], "category": "product_name", "name": "MySQL" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-7317", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2019-7317" }, { "cve": "CVE-2020-17527", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2020-17527" }, { "cve": "CVE-2020-17530", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2020-17530" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-28196", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2020-28196" }, { "cve": "CVE-2020-8277", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2020-8277" }, { "cve": "CVE-2021-2144", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2144" }, { "cve": "CVE-2021-2146", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2146" }, { "cve": "CVE-2021-2154", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2154" }, { "cve": "CVE-2021-2160", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2160" }, { "cve": "CVE-2021-2162", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2162" }, { "cve": "CVE-2021-2164", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2164" }, { "cve": "CVE-2021-2166", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2166" }, { "cve": "CVE-2021-2169", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2169" }, { "cve": "CVE-2021-2170", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2170" }, { "cve": "CVE-2021-2171", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2171" }, { "cve": "CVE-2021-2172", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2172" }, { "cve": "CVE-2021-2174", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2174" }, { "cve": "CVE-2021-2178", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2178" }, { "cve": "CVE-2021-2179", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2179" }, { "cve": "CVE-2021-2180", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2180" }, { "cve": "CVE-2021-2193", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2193" }, { "cve": "CVE-2021-2194", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2194" }, { "cve": "CVE-2021-2196", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2196" }, { "cve": "CVE-2021-2201", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2201" }, { "cve": "CVE-2021-2202", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2202" }, { "cve": "CVE-2021-2203", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2203" }, { "cve": "CVE-2021-2208", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2208" }, { "cve": "CVE-2021-2212", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2212" }, { "cve": "CVE-2021-2213", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2213" }, { "cve": "CVE-2021-2215", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2215" }, { "cve": "CVE-2021-2217", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2217" }, { "cve": "CVE-2021-2226", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2226" }, { "cve": "CVE-2021-2230", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2230" }, { "cve": "CVE-2021-2232", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2232" }, { "cve": "CVE-2021-2278", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2278" }, { "cve": "CVE-2021-2293", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2293" }, { "cve": "CVE-2021-2298", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2298" }, { "cve": "CVE-2021-2299", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2299" }, { "cve": "CVE-2021-2300", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2300" }, { "cve": "CVE-2021-2301", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2301" }, { "cve": "CVE-2021-2304", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2304" }, { "cve": "CVE-2021-2305", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2305" }, { "cve": "CVE-2021-2307", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2307" }, { "cve": "CVE-2021-2308", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-2308" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T002207", "67646", "T000126", "T013312", "398363", "T012167", "T004914", "T025794" ], "last_affected": [ "858573", "858555" ] }, "release_date": "2021-04-20T22:00:00Z", "title": "CVE-2021-3450" } ] }
wid-sec-w-2022-0671
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um kryptografische Sicherheitsmechanismen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Appliance\n- CISCO Appliance\n- Hardware Appliance\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0671 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0671.json" }, { "category": "self", "summary": "WID-SEC-2022-0671 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0671" }, { "category": "external", "summary": "OpenSSL Security Advisory 20210325 vom 2021-03-25", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "category": "external", "summary": "Ubuntu Security Notice USN-4891-1 vom 2021-03-25", "url": "https://ubuntu.com/security/notices/USN-4891-1" }, { "category": "external", "summary": "Debian Security Advisory DSA-4875 vom 2021-03-25", "url": "https://www.debian.org/security/2021/dsa-4875" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0954-1 vom 2021-03-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008558.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0955-1 vom 2021-03-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008559.html" }, { "category": "external", "summary": "FreeBSD Security Advisory FreeBSD-SA-21:07.openssl vom 2021-03-25", "url": "https://security.freebsd.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "category": "external", "summary": "Arch Linux Security Advisory ASA-202103-10 vom 2021-03-25", "url": "https://security.archlinux.org/ASA-202103-10" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-25", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "PoC CVE-2021-3449", "url": "https://github.com/terorie/cve-2021-3449" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2021-1622 vom 2021-03-26", "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1622.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-1024 vom 2021-03-30", "url": "https://linux.oracle.com/errata/ELSA-2021-1024.html" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-29", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1024 vom 2021-03-30", "url": "https://access.redhat.com/errata/RHSA-2021:1024" }, { "category": "external", "summary": "Nessus Network Monitor Security Advisory", "url": "https://de.tenable.com/security/tns-2021-09" }, { "category": "external", "summary": "HPE Security Bulletin hpesbst04140en_us vom 2021-06-02", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04140en_us" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-9151 vom 2021-04-01", "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html" }, { "category": "external", "summary": "Unify Security Advisory Report OBSO-2103-01 vom 2021-03-31", "url": "https://networks.unify.com/security/advisories/OBSO-2103-01.pdf" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202103-03 vom 2021-03-31", "url": "https://security.gentoo.org/glsa/202103-03" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-03-31", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "Cisco Security Advisory cisco-sa-openssl-2021-GHY28dJd vom 2021-04-05", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "Tenable Security Advisory", "url": "https://de.tenable.com/security/tns-2021-05" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1063 vom 2021-04-05", "url": "https://access.redhat.com/errata/RHSA-2021:1063" }, { "category": "external", "summary": "Brocade Security Advisory", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1440" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1131 vom 2021-04-07", "url": "https://access.redhat.com/errata/RHSA-2021:1131" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:1109-1 vom 2021-04-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008603.html" }, { "category": "external", "summary": "Tenable Security Advisory", "url": "https://de.tenable.com/security/tns-2021-08" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1168 vom 2021-04-13", "url": "https://access.redhat.com/errata/RHSA-2021:1168" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2021-025 vom 2021-04-13", "url": "https://downloads.avaya.com/css/P8/documents/101075304" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1202 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1202" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1200 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1200" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1199 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1199" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1189 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1189" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1203 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1203" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1196 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1196" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1195 vom 2021-04-14", "url": "https://access.redhat.com/errata/RHSA-2021:1195" }, { "category": "external", "summary": "McAfee Security Bulletin", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2041 vom 2021-05-19", "url": "https://access.redhat.com/errata/RHSA-2021:2041" }, { "category": "external", "summary": "Meinberg Security Advisory MBGSA-2021.02 vom 2021-04-20", "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-117 vom 2021-05-21", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-117/index.html" }, { "category": "external", "summary": "Hitachi Vulnerability Information HITACHI-SEC-2021-119 vom 2021-05-21", "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-119/index.html" }, { "category": "external", "summary": "Meinberg Security Advisory", "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-02-meinberg-lantime-firmware-v7-02-003-und-v6-24-028.htm" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1338 vom 2021-04-22", "url": "https://access.redhat.com/errata/RHSA-2021:1338" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1230 vom 2021-04-27", "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:1448 vom 2021-04-28", "url": "https://access.redhat.com/errata/RHSA-2021:1448" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2479 vom 2021-06-17", "url": "https://access.redhat.com/errata/RHSA-2021:2479" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2532 vom 2021-06-23", "url": "https://access.redhat.com/errata/RHSA-2021:2532" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:2543 vom 2021-06-24", "url": "https://access.redhat.com/errata/RHSA-2021:2543" }, { "category": "external", "summary": "Pulse Secure Security Advisory SA44845 vom 2021-07-14", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845/?kA23Z000000L6ooSAC=" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2326-1 vom 2021-07-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009136.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2323-1 vom 2021-07-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009135.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2327-1 vom 2021-07-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009139.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:2353-1 vom 2021-07-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009145.html" }, { "category": "external", "summary": "HPE Security Bulletin", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04142en_us" }, { "category": "external", "summary": "HCL Article KB0090800 vom 2021-08-03", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090800" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06", "url": "https://access.redhat.com/errata/RHSA-2021:3016" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5038-1 vom 2021-08-12", "url": "https://ubuntu.com/security/notices/USN-5038-1" }, { "category": "external", "summary": "Debian Security Advisory DLA-2751 vom 2021-08-31", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:3556 vom 2021-09-17", "url": "https://access.redhat.com/errata/RHSA-2021:3556" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10", "url": "https://access.redhat.com/errata/RHSA-2022:0056" }, { "category": "external", "summary": "HPE Security Bulletin", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04309en_us\u0026hprpt_id=ALERT_HPE_3024068\u0026jumpid=em_pom8nu6hj_aid-520066529" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2021:0955-2 vom 2022-07-13", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011541.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-13026 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-13026.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-13024 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-13024.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-13025 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-13025.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-32791 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-32791.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-32790 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-32790.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-13027 vom 2023-12-07", "url": "https://linux.oracle.com/errata/ELSA-2023-13027.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2502 vom 2024-03-19", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2502.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05", "url": "https://linux.oracle.com/errata/ELSA-2024-12408.html" } ], "source_lang": "en-US", "title": "OpenSSL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-04T22:00:00.000+00:00", "generator": { "date": "2024-06-05T08:09:05.439+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0671", "initial_release_date": "2021-03-25T23:00:00.000+00:00", "revision_history": [ { "date": "2021-03-25T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2021-03-28T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2021-03-29T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux, Cisco und Red Hat aufgenommen" }, { "date": "2021-03-30T22:00:00.000+00:00", "number": "4", "summary": "Referenz(en) aufgenommen: FEDORA-2021-CBF14AB8F9" }, { "date": "2021-03-31T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Cisco, Oracle Linux, Unify und Gentoo aufgenommen" }, { "date": "2021-04-05T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Cisco aufgenommen" }, { "date": "2021-04-07T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-08T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE und Tenable aufgenommen" }, { "date": "2021-04-12T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-14T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von AVAYA und Red Hat aufgenommen" }, { "date": "2021-04-15T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von McAfee aufgenommen" }, { "date": "2021-04-19T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Meinberg aufgenommen" }, { "date": "2021-04-20T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates aufgenommen" }, { "date": "2021-04-22T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-26T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-04-28T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-05-11T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Tenable aufgenommen" }, { "date": "2021-05-16T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von BROCADE aufgenommen" }, { "date": "2021-05-18T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-05-20T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von HITACHI aufgenommen" }, { "date": "2021-06-03T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von HPE aufgenommen" }, { "date": "2021-06-17T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-06-23T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-06-24T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-07-13T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Pulse Secure aufgenommen" }, { "date": "2021-07-14T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-07-15T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2021-07-25T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von HP aufgenommen" }, { "date": "2021-08-02T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2021-08-05T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-08-12T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2021-08-31T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2021-09-16T22:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-03-10T23:00:00.000+00:00", "number": "34", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-05-22T22:00:00.000+00:00", "number": "35", "summary": "Neue Updates von HP aufgenommen" }, { "date": "2022-07-13T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-12-07T23:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-03-18T23:00:00.000+00:00", "number": "38", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-06-04T22:00:00.000+00:00", "number": "39", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "39" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Broadcom Brocade Switch", "product": { "name": "Broadcom Brocade Switch", "product_id": "T015844", "product_identification_helper": { "cpe": "cpe:/h:brocade:switch:-" } } } ], "category": "vendor", "name": "Broadcom" }, { "branches": [ { "category": "product_name", "name": "Cisco Firepower", "product": { "name": "Cisco Firepower", "product_id": "T011337", "product_identification_helper": { "cpe": "cpe:/a:cisco:firepower:-" } } }, { "category": "product_name", "name": "Cisco IP Phone", "product": { "name": "Cisco IP Phone", "product_id": "2070", "product_identification_helper": { "cpe": "cpe:/h:cisco:ip_phone:-" } } }, { "category": "product_name", "name": "Cisco Identity Services Engine (ISE)", "product": { "name": "Cisco Identity Services Engine (ISE)", "product_id": "T000612", "product_identification_helper": { "cpe": "cpe:/a:cisco:identity_services_engine_software:-" } } }, { "category": "product_name", "name": "Cisco Jabber", "product": { "name": "Cisco Jabber", "product_id": "T013379", "product_identification_helper": { "cpe": "cpe:/a:cisco:jabber:-" } } }, { "category": "product_name", "name": "Cisco Meeting Server", "product": { "name": "Cisco Meeting Server", "product_id": "T018748", "product_identification_helper": { "cpe": "cpe:/a:cisco:meeting_server:-" } } }, { "branches": [ { "category": "product_version", "name": "3000", "product": { "name": "Cisco Nexus 3000", "product_id": "T003851", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:3000" } } }, { "category": "product_version", "name": "9000", "product": { "name": "Cisco Nexus 9000", "product_id": "T003853", "product_identification_helper": { "cpe": "cpe:/h:cisco:nexus:9000" } } } ], "category": "product_name", "name": "Nexus" }, { "category": "product_name", "name": "Cisco Prime Infrastructure", "product": { "name": "Cisco Prime Infrastructure", "product_id": "T000756", "product_identification_helper": { "cpe": "cpe:/a:cisco:prime_infrastructure:-" } } }, { "branches": [ { "category": "product_version", "name": "c800 series", "product": { "name": "Cisco Router c800 series", "product_id": "T018745", "product_identification_helper": { "cpe": "cpe:/h:cisco:router:c800_series" } } } ], "category": "product_name", "name": "Router" }, { "category": "product_name", "name": "Cisco SD-WAN", "product": { "name": "Cisco SD-WAN", "product_id": "T015770", "product_identification_helper": { "cpe": "cpe:/a:cisco:sd_wan:-" } } }, { "branches": [ { "category": "product_version", "name": "RV320", "product": { "name": "Cisco Small Business RV320", "product_id": "T013513", "product_identification_helper": { "cpe": "cpe:/h:cisco:small_business:rv320" } } }, { "category": "product_version", "name": "RV325", "product": { "name": "Cisco Small Business RV325", "product_id": "T013514", "product_identification_helper": { "cpe": "cpe:/h:cisco:small_business:rv325" } } }, { "category": "product_version", "name": "RV130", "product": { "name": "Cisco Small Business RV130", "product_id": "T018066", "product_identification_helper": { "cpe": "cpe:/h:cisco:small_business:rv130" } } } ], "category": "product_name", "name": "Small Business" }, { "category": "product_name", "name": "Cisco Unified Computing System (UCS)", "product": { "name": "Cisco Unified Computing System (UCS)", "product_id": "163824", "product_identification_helper": { "cpe": "cpe:/h:cisco:unified_computing_system:-" } } }, { "branches": [ { "category": "product_version", "name": "RV130", "product": { "name": "Cisco Unified Contact Center Enterprise RV130", "product_id": "2143", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_contact_center_enterprise:-" } } } ], "category": "product_name", "name": "Unified Contact Center Enterprise" }, { "branches": [ { "category": "product_version", "name": "RV130", "product": { "name": "Cisco Unified Intelligent Contact Manager (ICM) RV130", "product_id": "69412", "product_identification_helper": { "cpe": "cpe:/a:cisco:unified_intelligent_contact_management_enterprise:-" } } } ], "category": "product_name", "name": "Unified Intelligent Contact Manager (ICM)" }, { "branches": [ { "category": "product_version", "name": "Media Server", "product": { "name": "Cisco Video Surveillance Media Server", "product_id": "T018749", "product_identification_helper": { "cpe": "cpe:/a:cisco:video_surveillance_software:media_server" } } } ], "category": "product_name", "name": "Video Surveillance" }, { "category": "product_name", "name": "Cisco Web Security Appliance", "product": { "name": "Cisco Web Security Appliance", "product_id": "T007921", "product_identification_helper": { "cpe": "cpe:/a:cisco:web_security_appliance:-" } } }, { "branches": [ { "category": "product_name", "name": "Cisco WebEx Meetings Server", "product": { "name": "Cisco WebEx Meetings Server", "product_id": "T001747", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:-" } } }, { "category": "product_version", "name": "Wireless Phone", "product": { "name": "Cisco WebEx Wireless Phone", "product_id": "T018746", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:wireless_phone" } } }, { "category": "product_version", "name": "Room Phone", "product": { "name": "Cisco WebEx Room Phone", "product_id": "T018747", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:room_phone" } } }, { "category": "product_version", "name": "Meetings for iOS", "product": { "name": "Cisco WebEx Meetings for iOS", "product_id": "T018759", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:meetings_for_ios" } } }, { "category": "product_version", "name": "Video Mesh", "product": { "name": "Cisco WebEx Video Mesh", "product_id": "T018760", "product_identification_helper": { "cpe": "cpe:/a:cisco:webex:video_mesh" } } } ], "category": "product_name", "name": "WebEx" }, { "branches": [ { "category": "product_version", "name": "wap121", "product": { "name": "Cisco Wireless Access Point wap121", "product_id": "T018761", "product_identification_helper": { "cpe": "cpe:/h:cisco:wap:wap121" } } }, { "category": "product_version", "name": "wap321", "product": { "name": "Cisco Wireless Access Point wap321", "product_id": "T018762", "product_identification_helper": { "cpe": "cpe:/h:cisco:wap:wap321" } } }, { "category": "product_version", "name": "wap371", "product": { "name": "Cisco Wireless Access Point wap371", "product_id": "T018763", "product_identification_helper": { "cpe": "cpe:/h:cisco:wap:wap371" } } } ], "category": "product_name", "name": "Wireless Access Point" }, { "branches": [ { "category": "product_version", "name": "8821", "product": { "name": "Cisco Wireless IP Phone 8821", "product_id": "T015978", "product_identification_helper": { "cpe": "cpe:/h:cisco:wireless_ip_phone:8821" } } } ], "category": "product_name", "name": "Wireless IP Phone" } ], "category": "vendor", "name": "Cisco" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "HCL BigFix", "product": { "name": "HCL BigFix", "product_id": "T017494", "product_identification_helper": { "cpe": "cpe:/a:hcltech:bigfix:-" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.0.1b", "product": { "name": "HPE Fabric OS \u003c9.0.1b", "product_id": "T019364", "product_identification_helper": { "cpe": "cpe:/o:hpe:fabric_os:9.0.1b" } } }, { "category": "product_version_range", "name": "\u003c8.2.3", "product": { "name": "HPE Fabric OS \u003c8.2.3", "product_id": "T019365", "product_identification_helper": { "cpe": "cpe:/o:hpe:fabric_os:8.2.3" } } } ], "category": "product_name", "name": "Fabric OS" }, { "category": "product_name", "name": "HPE Switch", "product": { "name": "HPE Switch", "product_id": "T005119", "product_identification_helper": { "cpe": "cpe:/h:hp:switch:-" } } } ], "category": "vendor", "name": "HPE" }, { "branches": [ { "category": "product_name", "name": "Hitachi Ops Center", "product": { "name": "Hitachi Ops Center", "product_id": "T017562", "product_identification_helper": { "cpe": "cpe:/a:hitachi:ops_center:-" } } } ], "category": "vendor", "name": "Hitachi" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "11.x", "product": { "name": "McAfee Data Loss Prevention 11.x", "product_id": "T018908", "product_identification_helper": { "cpe": "cpe:/a:mcafee:data_loss_prevention:11.x" } } } ], "category": "product_name", "name": "Data Loss Prevention" }, { "category": "product_name", "name": "McAfee Threat Intelligence Exchange", "product": { "name": "McAfee Threat Intelligence Exchange", "product_id": "T014994", "product_identification_helper": { "cpe": "cpe:/a:mcafee:threat_intelligence_exchange:-" } } }, { "category": "product_name", "name": "McAfee Web Gateway", "product": { "name": "McAfee Web Gateway", "product_id": "T003324", "product_identification_helper": { "cpe": "cpe:/a:mcafee:web_gateway:-" } } } ], "category": "vendor", "name": "McAfee" }, { "branches": [ { "category": "product_name", "name": "Meinberg LANTIME", "product": { "name": "Meinberg LANTIME", "product_id": "T018353", "product_identification_helper": { "cpe": "cpe:/h:meinberg:lantime:-" } } } ], "category": "vendor", "name": "Meinberg" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c1.1.1k", "product": { "name": "Open Source OpenSSL \u003c1.1.1k", "product_id": "T018712", "product_identification_helper": { "cpe": "cpe:/a:openssl:openssl:1.1.1k" } } } ], "category": "product_name", "name": "OpenSSL" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Pulse Secure Pulse Connect Secure", "product": { "name": "Pulse Secure Pulse Connect Secure", "product_id": "T016869", "product_identification_helper": { "cpe": "cpe:/a:pulsesecure:pulse_connect_secure:-" } } } ], "category": "vendor", "name": "Pulse Secure" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c8.13.2", "product": { "name": "Tenable Security Nessus \u003c8.13.2", "product_id": "T018777", "product_identification_helper": { "cpe": "cpe:/a:tenable:nessus:8.13.2" } } } ], "category": "product_name", "name": "Nessus" }, { "branches": [ { "category": "product_version_range", "name": "\u003c5.13.1", "product": { "name": "Tenable Security Nessus Network Monitor \u003c5.13.1", "product_id": "T019318", "product_identification_helper": { "cpe": "cpe:/a:tenable:nessus_network_monitor:5.13.1" } } } ], "category": "product_name", "name": "Nessus Network Monitor" } ], "category": "vendor", "name": "Tenable Security" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "category": "product_name", "name": "Unify OpenScape 4000", "product": { "name": "Unify OpenScape 4000", "product_id": "T018011", "product_identification_helper": { "cpe": "cpe:/h:unify:openscape_4000:-" } } }, { "category": "product_name", "name": "Unify OpenScape Branch", "product": { "name": "Unify OpenScape Branch", "product_id": "T018258", "product_identification_helper": { "cpe": "cpe:/h:unify:openscape_branch:-" } } }, { "category": "product_name", "name": "Unify OpenScape SBC", "product": { "name": "Unify OpenScape SBC", "product_id": "T008874", "product_identification_helper": { "cpe": "cpe:/a:unify:openscape_sbc:-" } } }, { "category": "product_name", "name": "Unify OpenScape Xpert", "product": { "name": "Unify OpenScape Xpert", "product_id": "T018014", "product_identification_helper": { "cpe": "cpe:/h:unify:openscape_xpert:-" } } } ], "category": "vendor", "name": "Unify" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In OpenSSL besteht eine Schwachstelle in der TLS Serverimplementierung. L\u00e4sst der Client bei einem erneuten (Renegotiation) \"ClientHello\" die \"signature_algorithms\" Erweiterung weg, obwohl sie im vorigen \"ClientHello\" enthalten war und sendet trotzdem die Erweiterung \"signature_algorithms_cert\" mit, so l\u00f6st er damit am Server eine NULL-Zeiger Dereferenzierung aus. Ein entfernter, anonymer Angreifer kann dies ausnutzen, um einen TLS Server zum Absturz zu bringen (Denial of Service). Serverimplementierungen, die keine TLS Renegotiation verwenden, sind nicht betroffen." } ], "product_status": { "known_affected": [ "2070", "T008874", "67646", "T003324", "T007921", "T015844", "T014994", "T004914", "T017494", "T018066", "T018760", "T018761", "T018762", "T018763", "T001747", "T000756", "T000612", "T018745", "T018746", "T018747", "T018748", "T018749", "398363", "T018908", "69412", "163824", "T015519", "T013514", "T003851", "T015978", "T016869", "T011337", "T003853", "T013513", "2143", "T005119", "T013379", "T012167", "T018011", "T018353", "T015770", "T017562", "T018014", "T018258", "2951", "T002207", "T000126", "T018759" ] }, "release_date": "2021-03-25T23:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In OpenSSL besteht eine Schwachstelle. Wurde die Validierung einer Zertifikatskette mit dem Parameter \"X509_V_FLAG_X509_STRICT\" gestartet, werden erweiterte Zertifikatspr\u00fcfungen vorgenommen. Mit OpenSSL Version 1.1.1h wurde hierzu eine Pr\u00fcfung aufgenommen, um Zertifikate mit expliziten elliptischen Kurvenparametern zu verbieten. Durch einen Implementierungsfehler in diesem Feature werden jedoch CA-Zertifikate (Certificate Authority) in der Kette nicht mehr zuverl\u00e4ssig auf die Eigenschaft validiert, ob der Zertifikatsinhaber als CA t\u00e4tig sein darf. Ein Angreifer kann dadurch sein g\u00fcltiges Client- oder Server-Zertifikat zweckentfremden und damit beliebige Zertifikate signieren, die eine betroffene OpenSSL Version f\u00e4lschlicherweise als g\u00fcltig erkennt. Der Angreifer kann folglich kryptografische Sicherheitsmechanismen umgehen." } ], "product_status": { "known_affected": [ "2070", "T008874", "67646", "T003324", "T007921", "T014994", "T004914", "T018066", "T018760", "T018761", "T018762", "T018763", "T001747", "T000756", "T000612", "T018745", "T018746", "T018747", "T018748", "T018749", "398363", "T018908", "69412", "163824", "T015519", "T013514", "T003851", "T015978", "T011337", "T003853", "T013513", "2143", "T013379", "T012167", "T018011", "T015770", "T018014", "T018258", "2951", "T002207", "T000126", "T018759" ] }, "release_date": "2021-03-25T23:00:00Z", "title": "CVE-2021-3450" } ] }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dell ECS ist ein Objektspeichersystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0794 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json" }, { "category": "self", "summary": "WID-SEC-2024-0794 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04", "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell ECS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T09:37:24.604+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0794", "initial_release_date": "2024-04-04T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-04T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 3.8.1.0", "product": { "name": "Dell ECS \u003c 3.8.1.0", "product_id": "T033919", "product_identification_helper": { "cpe": "cpe:/h:dell:ecs:3.8.1.0" } } } ], "category": "product_name", "name": "ECS" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2018-18074" }, { "cve": "CVE-2020-10663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10663" }, { "cve": "CVE-2020-10672", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-10968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11113" }, { "cve": "CVE-2020-11612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11612" }, { "cve": "CVE-2020-11619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11619" }, { "cve": "CVE-2020-11620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11620" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-12762", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12762" }, { "cve": "CVE-2020-12825", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12825" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-14060", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14060" }, { "cve": "CVE-2020-14061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14061" }, { "cve": "CVE-2020-14062", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14062" }, { "cve": "CVE-2020-14195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14195" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-1945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1945" }, { "cve": "CVE-2020-1967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1967" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-24616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24616" }, { "cve": "CVE-2020-24750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24750" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-25658", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25658" }, { "cve": "CVE-2020-26116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26116" }, { "cve": "CVE-2020-26137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26137" }, { "cve": "CVE-2020-26541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26541" }, { "cve": "CVE-2020-27216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27216" }, { "cve": "CVE-2020-27218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27218" }, { "cve": "CVE-2020-27223", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27223" }, { "cve": "CVE-2020-28366", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28366" }, { "cve": "CVE-2020-28493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28493" }, { "cve": "CVE-2020-29509", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29509" }, { "cve": "CVE-2020-29511", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29511" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-29651", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29651" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35728", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36183" }, { "cve": "CVE-2020-36184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36185", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36185" }, { "cve": "CVE-2020-36186", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36186" }, { "cve": "CVE-2020-36187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36187" }, { "cve": "CVE-2020-36188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36188" }, { "cve": "CVE-2020-36189", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36189" }, { "cve": "CVE-2020-36516", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36516" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-36557", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36557" }, { "cve": "CVE-2020-36558", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36558" }, { "cve": "CVE-2020-36691", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36691" }, { "cve": "CVE-2020-7238", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-7238" }, { "cve": "CVE-2020-8840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8840" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-8911", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8911" }, { "cve": "CVE-2020-8912", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8912" }, { "cve": "CVE-2020-9488", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9488" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-9546", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9546" }, { "cve": "CVE-2020-9547", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9547" }, { "cve": "CVE-2020-9548", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9548" }, { "cve": "CVE-2021-20190", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20190" }, { "cve": "CVE-2021-20323", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20323" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-21295", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21295" }, { "cve": "CVE-2021-21409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21409" }, { "cve": "CVE-2021-23840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23840" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-25642" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-28153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28153" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28169" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-30560", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-30560" }, { "cve": "CVE-2021-3114", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3114" }, { "cve": "CVE-2021-33036", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33036" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3424" }, { "cve": "CVE-2021-34428", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-34428" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3530", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3530" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36373" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3648", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3648" }, { "cve": "CVE-2021-36690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36690" }, { "cve": "CVE-2021-3711", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3712" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-37137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37137" }, { "cve": "CVE-2021-37404", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37404" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-3754", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3754" }, { "cve": "CVE-2021-3778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3778" }, { "cve": "CVE-2021-3796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3796" }, { "cve": "CVE-2021-3826", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3826" }, { "cve": "CVE-2021-3827", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3827" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-3872", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3872" }, { "cve": "CVE-2021-3875", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3875" }, { "cve": "CVE-2021-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3903" }, { "cve": "CVE-2021-3923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3923" }, { "cve": "CVE-2021-3927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3927" }, { "cve": "CVE-2021-3928", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3928" }, { "cve": "CVE-2021-3968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3968" }, { "cve": "CVE-2021-3973", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3973" }, { "cve": "CVE-2021-3974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3974" }, { "cve": "CVE-2021-3984", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3984" }, { "cve": "CVE-2021-4019", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4019" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-4069", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4069" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-4157", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4157" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4203", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4203" }, { "cve": "CVE-2021-42567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-42567" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44878", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44878" }, { "cve": "CVE-2021-45078", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-45078" }, { "cve": "CVE-2021-46195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46195" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2022-0213", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0213" }, { "cve": "CVE-2022-0225", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0225" }, { "cve": "CVE-2022-0261", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0261" }, { "cve": "CVE-2022-0318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0318" }, { "cve": "CVE-2022-0319", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0319" }, { "cve": "CVE-2022-0351", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0351" }, { "cve": "CVE-2022-0359", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0359" }, { "cve": "CVE-2022-0361", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0361" }, { "cve": "CVE-2022-0392", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0392" }, { "cve": "CVE-2022-0407", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0407" }, { "cve": "CVE-2022-0413", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0413" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0561" }, { "cve": "CVE-2022-0696", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0696" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1245", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1245" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1381", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1381" }, { "cve": "CVE-2022-1420", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1420" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1466" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1471" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-1616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1616" }, { "cve": "CVE-2022-1619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1619" }, { "cve": "CVE-2022-1620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1620" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1720", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1720" }, { "cve": "CVE-2022-1729", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1729" }, { "cve": "CVE-2022-1733", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1733" }, { "cve": "CVE-2022-1735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1735" }, { "cve": "CVE-2022-1771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1771" }, { "cve": "CVE-2022-1785", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1785" }, { "cve": "CVE-2022-1796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1796" }, { "cve": "CVE-2022-1851", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1851" }, { "cve": "CVE-2022-1897", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1897" }, { "cve": "CVE-2022-1898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1898" }, { "cve": "CVE-2022-1927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1927" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1968" }, { "cve": "CVE-2022-1974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1974" }, { "cve": "CVE-2022-1975", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1975" }, { "cve": "CVE-2022-20132", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20132" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-20154", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20154" }, { "cve": "CVE-2022-20166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20166" }, { "cve": "CVE-2022-20368", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20368" }, { "cve": "CVE-2022-20369", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20369" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-21216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21216" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2124" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2126" }, { "cve": "CVE-2022-2129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2129" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21385", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21385" }, { "cve": "CVE-2022-21499", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21499" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21540", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21540" }, { "cve": "CVE-2022-21541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21541" }, { "cve": "CVE-2022-21549", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21549" }, { "cve": "CVE-2022-21618", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21618" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21702", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21702" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-2182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2182" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2231", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2231" }, { "cve": "CVE-2022-2256", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2256" }, { "cve": "CVE-2022-2257", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2257" }, { "cve": "CVE-2022-2264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2264" }, { "cve": "CVE-2022-2284", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2284" }, { "cve": "CVE-2022-2285", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2285" }, { "cve": "CVE-2022-2286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2286" }, { "cve": "CVE-2022-2287", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2287" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-2304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2304" }, { "cve": "CVE-2022-2318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2318" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-2343", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2343" }, { "cve": "CVE-2022-2344", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2344" }, { "cve": "CVE-2022-2345", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2345" }, { "cve": "CVE-2022-23471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23471" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-24302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24302" }, { "cve": "CVE-2022-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24329" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-25168", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25168" }, { "cve": "CVE-2022-2519", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2519" }, { "cve": "CVE-2022-2520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2520" }, { "cve": "CVE-2022-2521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2521" }, { "cve": "CVE-2022-2522", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2522" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-2571", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2571" }, { "cve": "CVE-2022-2580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2580" }, { "cve": "CVE-2022-2581", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2581" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2598", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2598" }, { "cve": "CVE-2022-26148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26148" }, { "cve": "CVE-2022-26365", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26365" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2639", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2639" }, { "cve": "CVE-2022-26612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26612" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27943", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27943" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-28693", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28693" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-28748", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28748" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-29162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29162" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29583", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29583" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2977", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2977" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-2982", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2982" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-2991", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2991" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-31030", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31030" }, { "cve": "CVE-2022-31159", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31159" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-31690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31690" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33196" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-33740", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33740" }, { "cve": "CVE-2022-33741", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33741" }, { "cve": "CVE-2022-33742", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33742" }, { "cve": "CVE-2022-33972", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33972" }, { "cve": "CVE-2022-33981", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33981" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3424" }, { "cve": "CVE-2022-34266", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34266" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3491" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3520" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3542", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3542" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3591", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3591" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-36109", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36109" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3643", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3643" }, { "cve": "CVE-2022-36437", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36437" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-37865", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37865" }, { "cve": "CVE-2022-37866", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37866" }, { "cve": "CVE-2022-38090", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38090" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38126" }, { "cve": "CVE-2022-38127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38127" }, { "cve": "CVE-2022-38177", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38177" }, { "cve": "CVE-2022-38178", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38178" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38533" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-39028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39028" }, { "cve": "CVE-2022-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3903" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-39399", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39399" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-40150", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40150" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40153" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-4141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4141" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41721", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41721" }, { "cve": "CVE-2022-41848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41848" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41915", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41915" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4292" }, { "cve": "CVE-2022-4293", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4293" }, { "cve": "CVE-2022-42969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42969" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-43995", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43995" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45885", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45885" }, { "cve": "CVE-2022-45886", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45886" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0045", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0045" }, { "cve": "CVE-2023-0049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0049" }, { "cve": "CVE-2023-0051", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0051" }, { "cve": "CVE-2023-0054", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0054" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0288", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0288" }, { "cve": "CVE-2023-0433", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0433" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0512", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0512" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-0833", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0833" }, { "cve": "CVE-2023-1076", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1076" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1127" }, { "cve": "CVE-2023-1170", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1170" }, { "cve": "CVE-2023-1175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1175" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-1380", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1380" }, { "cve": "CVE-2023-1390", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1390" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1513" }, { "cve": "CVE-2023-1611", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1611" }, { "cve": "CVE-2023-1670", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1670" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1990", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1990" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-20862" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-2253", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2253" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-24532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24532" }, { "cve": "CVE-2023-24534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24534" }, { "cve": "CVE-2023-2483", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2483" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25652", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25652" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25809" }, { "cve": "CVE-2023-25815", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25815" }, { "cve": "CVE-2023-26048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26048" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-26604", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26604" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27561" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-28320", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28320" }, { "cve": "CVE-2023-28321", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28321" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28486", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28486" }, { "cve": "CVE-2023-28487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28487" }, { "cve": "CVE-2023-28642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28642" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-28840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28840" }, { "cve": "CVE-2023-28841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28841" }, { "cve": "CVE-2023-28842", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28842" }, { "cve": "CVE-2023-29007", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29007" }, { "cve": "CVE-2023-29383", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29383" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29406", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29406" }, { "cve": "CVE-2023-29409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29409" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-30772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30772" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-31484", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31484" }, { "cve": "CVE-2023-32269", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32269" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-33264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-33264" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-34035", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34035" }, { "cve": "CVE-2023-34453", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34453" }, { "cve": "CVE-2023-34454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34454" }, { "cve": "CVE-2023-34455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34455" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-39533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-39533" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40217" }, { "cve": "CVE-2023-41105", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41105" }, { "cve": "CVE-2023-41900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41900" }, { "cve": "CVE-2023-43642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43642" }, { "cve": "CVE-2023-43804", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43804" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45803", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-45803" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2024-21626" } ] }
ghsa-8hfj-xrj2-pm22
Vulnerability from github
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
{ "affected": [ { "package": { "ecosystem": "crates.io", "name": "openssl-src" }, "ranges": [ { "events": [ { "introduced": "111.11.0" }, { "fixed": "111.15.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-3450" ], "database_specific": { "cwe_ids": [ "CWE-295" ], "github_reviewed": true, "github_reviewed_at": "2021-08-19T17:22:00Z", "nvd_published_at": "2021-03-25T15:15:00Z", "severity": "HIGH" }, "details": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "id": "GHSA-8hfj-xrj2-pm22", "modified": "2023-08-04T18:38:54Z", "published": "2021-08-25T20:54:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2021-09" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2021-08" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2021-05" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "type": "WEB", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20210326-0006" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202103-03" }, { "type": "WEB", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" }, { "type": "WEB", "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html" }, { "type": "WEB", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013" }, { "type": "WEB", "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP" }, { "type": "WEB", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356" }, { "type": "WEB", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845" }, { "type": "PACKAGE", "url": "https://github.com/alexcrichton/openssl-src-rs" }, { "type": "WEB", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Certificate check bypass in openssl-src" }
cisco-sa-openssl-2021-ghy28djd
Vulnerability from csaf_cisco
Notes
{ "document": { "acknowledgments": [ { "summary": "These vulnerabilities were publicly disclosed by the OpenSSL Software Foundation on March 25, 2021." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "notes": [ { "category": "summary", "text": "On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], [\"https://www.openssl.org/news/secadv/20210325.txt\"] that disclosed two vulnerabilities.\r\n\r\nExploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd\"]", "title": "Summary" }, { "category": "general", "text": "Cisco investigated its product line to determine which products and services may be affected by this vulnerability.\r\n\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each product. The bugs will be accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and will contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product or service not listed in the Vulnerable Products [\"#vp\"] section of this advisory is to be considered not vulnerable.", "title": "Affected Products" }, { "category": "general", "text": "The following table lists Cisco products that are affected by the vulnerabilities that are described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), customers should refer to the associated Cisco bug(s) for further details. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] Collaboration and Social Media Cisco Webex Meetings Server CSCvx82619 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82619\"] 4.0MR4 (May 2021) Endpoint Clients and Client Software Cisco Webex Meetings for iOS CSCvx82617 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82617\"] 41.4 (Feb 2021)\r\n11.4 (Feb 2021) Meraki Products Cisco Meraki MS390 \u2014 Release TBD (May 2021) Network and Content Security Devices Cisco Firepower 4100 Series CSCvx82705 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82705\"] 2.10.1 (May 2021)\r\n2.9.1 (Jun 2021)\r\n2.11.1 (Oct 2021) Cisco Firepower 9300 Security Appliances CSCvx82705 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82705\"] 2.10.1 (May 2021)\r\n2.9.1 (Jun 2021)\r\n2.11.1 (Oct 2021) Cisco Threat Grid Appliance M5 CSCvx82740 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82740\"] 2.13.0 (Apr 2021) Cisco Web Security Appliance (WSA) CSCvx82614 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82614\"] 14.0 (Jun 2021) Network Management and Provisioning Cisco Business Process Automation CSCvx82587 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82587\"] 3.1 (Jun 2021) Cisco Connected Pharma CSCvx82681 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82681\"] 1.5.7 (May 2021) Cisco Container Platform CSCvx82677 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82677\"] 10.0.0 (Apr 2021) Cisco Evolved Programmable Network Manager CSCvx82652 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82652\"] 5.1 (April 2021) Cisco Kinetic for Cities CSCvx82734 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82734\"] MD 3.5.2.15 (April 2021) Cisco Managed Services Accelerator CSCvx82693 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82693\"] 4.0.0 (Jul 2021) Cisco Policy Suite CSCvx82748 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82748\"] 21.2 (Aug 2021) Cisco Prime Infrastructure CSCvx82664 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82664\"] 3.10 (Sept 2021)\r\n3.9 (May 2021) Cisco Security Manager CSCvx82670 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82670\"] CSM 4.24 (Dec 2021) Cisco Virtualized Infrastructure Manager CSCvx82666 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82666\"] 4.2 (May 2021)\r\n4.2.1 (July 2021) Routing and Switching - Enterprise and Service Provider Cisco 800 Series Industrial Integrated Services Routers (IOx feature) CSCvx88577 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx88577\"] 15.9(3)M4 (Jul 2021) Cisco IOS XR Software CSCvx82673 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82673\"] 7.3.2 (Oct 2021)\r\n7.5.1 (Dec 2021) Cisco IOS and IOS XE Software CSCvx82754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82754\"] 17.6.1 (Jul 2021)\r\n17.3.4 (Jun 2021)\r\n17.4.3 (Dec 2021) Cisco IOx Fog Director CSCvx82750 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82750\"] 1.14.3 (Apr 2021) Cisco Nexus 3000 Series Switches (NX-OS 10.1) CSCvx82861 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82861\"] 10.1.2 (Apr 2021) Cisco Nexus 9000 Series Switches in standalone NX-OS mode (NX-OS 10.1) CSCvx82861 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82861\"] 10.1.2 (Apr 2021) Cisco c800 Series Integrated Services Routers (IOx feature) CSCvx82752 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82752\"] 15.9(3)M4 (Jul 2021) Routing and Switching - Small Business Cisco 250 Series Smart Switches CSCvx82728 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82728\"] 3.2.x (Mar 2022) Cisco 350 Series Managed (SF350 and SG350) Switches CSCvx82727 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82727\"] 3.2.x (Mar 2022) Cisco 550X Series Stackable (SF550 and SG550) Managed Switches CSCvx82727 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82727\"] 3.2.x (Mar 2022) Cisco Business 250 Series Smart Switches CSCvx82710 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82710\"] 3.2.x (Mar 2022) Cisco Business 350 Series Managed Switches CSCvx82710 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82710\"] 3.2.x (Mar 2022) Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router CSCvx82720 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82720\"] None planned Cisco Small Business RV Series RV325 Dual WAN VPN Router CSCvx82721 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82721\"] None planned Cisco Small Business RV130 Series VPN Routers CSCvx82717 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82717\"] None planned Unified Computing Cisco UCS B-Series Blade Servers CSCvx82644 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82644\"] 4.2(1) (May 2021) Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller CSCvx82648 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82648\"] 4.2(1a) (May 2021) Voice and Unified Communications Devices Cisco Computer Telephony Integration Object Server (CTIOS) CSCvx82605 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605\"] 12.6(1) (May 2021)\r\n12.5(1) (May 2021) Cisco IP Conference Phone 7832 with Multiplatform Firmware CSCvx84316 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84316\"] 11.3.4 (Jun 2021) Cisco IP Conference Phone 7832 CSCvx82765 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82765\"] 14.1.1 (Sept 2021) Cisco IP Conference Phone 8832 with Multiplatform Firmware CSCvx84321 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84321\"] 11.3.4 (Jun 2021) Cisco IP Conference Phone 8832 CSCvx82791 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82791\"] 14.1.1 (Sept 2021) Cisco IP Phone 6800 Series with Multiplatform Firmware CSCvx84326 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84326\"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series with Multiplatform Firmware CSCvx84320 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84320\"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series with Multiplatform Firmware CSCvx84314 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84314\"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series CSCvx84332 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84332\"] 14.1.1 (Sept 2021) Cisco IP Phone 8845 with Multiplatform Firmware CSCvx84315 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84315\"] 11.3.4 (Jun 2021) Cisco IP Phone 8845 CSCvx84323 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84323\"] 14.1.1 (Sept 2021) Cisco IP Phone 8865 with Multiplatform Firmware CSCvx84315 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84315\"] 11.3.4 (Jun 2021) Cisco IP Phone 8865 CSCvx84323 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84323\"] 14.1.1 (Sept 2021) Cisco Unified Contact Center Enterprise CSCvx82605 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605\"] 12.6(1) (May 2021)\r\n12.5(1) (May 2021) Cisco Unified Intelligent Contact Management Enterprise CSCvx82605 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605\"] 12.6(1) (May 2021)\r\n12.5(1) (May 2021) Cisco Virtualization Experience Media Edition CSCvx82792 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82792\"] 14.0.1 (May 2021) Cisco Webex Hybrid Data Security Node CSCvx82620 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82620\"] 2021.02.10.4763 (May 2021) Cisco Webex Room Phone CSCvx84328 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84328\"] 1.2(0)SR1 (Aug 2021) Cisco Webex Video Mesh CSCvx82684 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82684\"] 2021.04.22.2nnn (Apr 2021) Cisco Webex Wireless Phone CSCvx84322 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84322\"] 1.3(0) (Jun 2021) Cisco Wireless IP Phone 8821 CSCvx82788 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82788\"] 11.0(6)SR2 (Sept 2021) Video, Streaming, TelePresence, and Transcoding Devices Cisco Meeting Server CSCvx82685 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82685\"] 3.2.1 (May 2021)\r\n3.1.3 (May 2021) Cisco TelePresence MX and SX Series CSCvy03325 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325\"] CE-10.3.2.x (May 2021)\r\nCE-9.15.3.x (May 2021) Cisco Video Surveillance Media Server CSCvx82708 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82708\"] VSM-7.14.3 (May 2021) Cisco Webex Board (all models) CSCvy03325 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325\"] CE-10.3.2.x (May 2021)\r\nCE-9.15.3.x (May 2021) Cisco Webex DX70 and DX80 CSCvy03325 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325\"] CE-10.3.2.x (May 2021)\r\nCE-9.15.3.x (May 2021) Wireless Cisco WAP121 Wireless-N Access Point with Single Point Setup CSCvx82732 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82732\"] None planned Cisco WAP321 Wireless-N Access Point with Single Point Setup CSCvx82732 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82732\"] None planned Cisco WAP371 Wireless-AC/N Access Point with Single Point Setup CSCvx82730 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82730\"] None planned Cisco Cloud Hosted Services Cisco Cloud Network Automation Provisioner CSCvx82591 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82591\"] Cisco Smart Net Total Care - On-Premises CSCvx82599 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82599\"] 2.1.1 (May 2021)", "title": "Vulnerable Products" }, { "category": "general", "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following products:\r\n\r\nEndpoint Clients and Client Software\r\n\r\nCisco AnyConnect - Network Access Manager\r\nCisco AnyConnect Secure Mobility Client for Android\r\nCisco AnyConnect Secure Mobility Client for Linux\r\nCisco AnyConnect Secure Mobility Client for Mac OS X\r\nCisco AnyConnect Secure Mobility Client for Windows\r\nCisco AnyConnect Secure Mobility Client for iOS\r\nCisco Jabber Guest\r\nCisco Jabber Software Development Kit\r\nCisco Jabber for Mac\r\nCisco Jabber for Windows\r\nCisco Webex Business Suite\r\nCisco Webex Meetings Client - Hosted\r\n\r\nMeraki Products\r\n\r\nCisco Meraki Go (all models)\r\nCisco Meraki MG (all models)\r\nCisco Meraki MR (all models)\r\nCisco Meraki MS120 Series\r\nCisco Meraki MS125 Series\r\nCisco Meraki MS210 Series\r\nCisco Meraki MS225 Series\r\nCisco Meraki MS250 Series\r\nCisco Meraki MS350 Series\r\nCisco Meraki MS355 Series\r\nCisco Meraki MS410 Series\r\nCisco Meraki MS425 Series\r\nCisco Meraki MS450 Series\r\nCisco Meraki MT (all models)\r\nCisco Meraki MV (all models)\r\nCisco Meraki MX (all models)\r\nCisco Meraki Z-Series (all models)\r\n\r\nNetwork Application, Service, and Acceleration\r\n\r\nCisco Cloud Services Platform 2100\r\nCisco Tetration Analytics\r\nCisco Wide Area Application Services (WAAS)\r\n\r\nNetwork and Content Security Devices\r\n\r\nCisco AMP Virtual Private Cloud Appliance\r\nCisco Adaptive Security Appliance (ASA)\r\nCisco Content Security Management Appliance (SMA)\r\nCisco Email Security Appliance (ESA)\r\nCisco Firepower 1000 Series\r\nCisco Firepower 2100 Series\r\nCisco Firepower Management Center\r\nCisco Identity Services Engine (ISE)\r\nCisco Umbrella Virtual Appliance\r\n\r\nNetwork Management and Provisioning\r\n\r\nCisco ACI Multi-Site Orchestrator\r\nCisco Application Policy Infrastructure Controller (APIC)\r\nCisco Cyber Vision\r\nCisco Data Center Network Manager (DCNM)\r\nCisco FindIT Network Probe\r\nCisco NetFlow Generation Appliance\r\nCisco Network Analysis Module\r\nCisco Network Services Orchestrator (NSO)\r\nCisco Prime Access Registrar\r\nCisco Prime Collaboration Assurance\r\nCisco Prime Collaboration Deployment\r\nCisco Prime Collaboration Provisioning\r\nCisco Prime License Manager\r\nCisco Prime Network Change and Configuration Management\r\nCisco Prime Network Registrar Virtual Appliance\r\nCisco Prime Network Registrar\r\nCisco Prime Optical for Service Providers\r\nCisco Prime Performance Manager\r\nCisco Prime Service Catalog Virtual Appliance\r\nCisco Telemetry Broker\r\nCisco UCS Central Software\r\nCisco WAN Automation Engine (WAE)\r\n\r\nRouting and Switching - Enterprise and Service Provider\r\n\r\nCisco ACI Virtual Edge\r\nCisco ASR 5000 Series Routers\r\nCisco ASR 9000 Series Aggregated Services Router Virtualized Services Module\r\nCisco Application Policy Infrastructure Controller (APIC) - Enterprise Module\r\nCisco DNA Center\r\nCisco MDS 9000 Series Multilayer Switches\r\nCisco Network Assurance Engine\r\nCisco Nexus 1000V Series Switches\r\nCisco Nexus 5500 Platform Switches\r\nCisco Nexus 5600 Platform Switches\r\nCisco Nexus 6000 Series Switches\r\nCisco Nexus 7000 Series Switches\r\nCisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode\r\nCisco SD-WAN vEdge 1000 Series Routers\r\nCisco SD-WAN vEdge 2000 Series Routers\r\nCisco SD-WAN vEdge 5000 Series Routers\r\nCisco SD-WAN vEdge Cloud Router Platform\r\nCisco Stealthwatch Cloud\r\nCisco Stealthwatch Endpoint Concentrator\r\nCisco Stealthwatch Flow Collector NetFlow\r\nCisco Stealthwatch Flow Collector sFlow\r\nCisco Stealthwatch Flow Sensor\r\nCisco Stealthwatch Management Console (SMC)\r\nCisco Stealthwatch UDP Director\r\n\r\nRouting and Switching - Small Business\r\n\r\nCisco 220 Series Smart Plus (SF220 and SG220) Switches\r\nCisco 500 Series Stackable (SF500 and SG500) Managed Switches\r\nCisco FindIT Network Manager\r\nCisco RV132W ADSL2+ Wireless-N VPN Router\r\nCisco RV134W VDSL2 Wireless-AC VPN Router\r\nCisco RV160 VPN Router\r\nCisco RV160W Wireless-AC VPN Router\r\nCisco RV260, RV260P, and RV260W VPN Routers\r\nCisco RV340W Dual WAN Gigabit Wireless-AC VPN Router\r\nCisco Small Business 300 Series (SF300 and SG300)\r\nCisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE\r\nCisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE\r\nCisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE\r\nCisco WAP571 Wireless-AC/N Premium Dual Radio Access Point with PoE\r\nCisco WAP571E Wireless-AC/N Premium Dual Radio Outdoor Access Point\r\nCisco WRP500 Wireless-AC Broadband Router\r\n\r\nUnified Computing\r\n\r\nCisco Common Services Platform Collector\r\nCisco Enterprise NFV Infrastructure Software (NFVIS)\r\nCisco HyperFlex System\r\nCisco UCS 6200 Series Fabric Interconnects\r\nCisco UCS 6300 Series Fabric Interconnects\r\nCisco UCS 6400 Series Fabric Interconnects\r\nCisco UCS Director\r\nCisco UCS E-Series Servers\r\nCisco UCS Manager\r\n\r\nVoice and Unified Communications Devices\r\n\r\nCisco ATA 191 Analog Telephone Adapter\r\nCisco Agent Desktop for Cisco Unified Contact Center Express\r\nCisco Business Edition 4000\r\nCisco Emergency Responder\r\nCisco Finesse\r\nCisco Hosted Collaboration Mediation Fulfillment\r\nCisco IP DECT 110 Repeater with Multiplatform Firmware\r\nCisco IP DECT 210 Multi-Cell Base-Station\r\nCisco IP DECT 6800 Series\r\nCisco IP DECT 6823 with Multiplatform Firmware\r\nCisco IP DECT Phone RPT-110 Repeater\r\nCisco IP Phone 7800 Series\r\nCisco MediaSense\r\nCisco Paging Server (InformaCast)\r\nCisco Paging Server\r\nCisco SPA51x IP Phones\r\nCisco SPA8800 IP Telephony Gateway\r\nCisco Small Business SPA300 Series IP Phones\r\nCisco Small Business SPA500 Series IP Phones\r\nCisco Unified Attendant Console Advanced\r\nCisco Unified Attendant Console Business Edition\r\nCisco Unified Attendant Console Department Edition\r\nCisco Unified Attendant Console Enterprise Edition\r\nCisco Unified Attendant Console Premium Edition\r\nCisco Unified Attendant Console Standard\r\nCisco Unified Communications Domain Manager\r\nCisco Unified Communications Manager / Cisco Unified Communications Manager Session Management Edition\r\nCisco Unified Communications Manager IM \u0026Presence Service (formerly CUPS)\r\nCisco Unified Contact Center Express\r\nCisco Unified IP Conference Phone 8831\r\nCisco Unified IP Phone 3905\r\nCisco Unified IP Phone 6901\r\nCisco Unified IP Phone 6911\r\nCisco Unified IP Phone 7937\r\nCisco Unified IP Phone 8945\r\nCisco Unified IP Phone 8965\r\nCisco Unified Intelligence Center\r\nCisco Unified SIP Proxy Software\r\nCisco Unity Connection\r\nCisco Unity Express\r\nCisco Virtualized Voice Browser\r\nCisco Webex Share\r\n\r\nVideo, Streaming, TelePresence, and Transcoding Devices\r\n\r\nCisco Expressway Series\r\nCisco Meeting Management\r\nCisco TelePresence Video Communication Server (VCS)\r\nCisco Video Surveillance 8000 Series IP Cameras\r\n\r\nWireless\r\n\r\nCisco ASA 5506W-X with FirePOWER Services\r\nCisco Aironet 1560 Series Access Points\r\nCisco Aironet 1810 Series OfficeExtend Access Points\r\nCisco Aironet 1810w Series Access Points\r\nCisco Aironet 1815 Series Access Points\r\nCisco Aironet 1830 Series Access Points\r\nCisco Aironet 1850 Series Access Points\r\nCisco Aironet 2800 Series Access Points\r\nCisco Aironet 3800 Series Access Points\r\nCisco Aironet 4800 Access Points\r\nCisco Aironet Access Points - Running Cisco IOS Software\r\nCisco Catalyst 9100 Access Points\r\nCisco Wireless LAN Controller\r\n\r\nCisco Cloud Hosted Services\r\n\r\nCisco Business Video Services Automation Software\r\nCisco CX Cloud Agent Software\r\nCisco Cloud Email Security\r\nCisco Cloud Web Security\r\nCisco Registered Envelope Service\r\nCisco Services Provisioning Platform\r\nCisco Unified Communications Manager Cloud\r\nCisco Universal Small Cell CloudBase Factory Recovery Root File System - Releases 2.99.4 and later\r\nCisco Webex Centers - Meeting Center, Training Center, Event Center, Support Center\r\nCisco Webex Meeting Server - Multimedia Platform\r\nCisco Webex Network-Based Recording (NBR) Management", "title": "Products Confirmed Not Vulnerable" }, { "category": "general", "text": "OpenSSL Certificate Validation Vulnerability\r\nOpenSSL contains a vulnerability that could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user, or device.\r\n\r\nThe vulnerability is due to a bypassed check in the validation logic of X.509 certificate chains, resulting in the affected system accepting as valid certificates signed by a non-CA certificate or certificate chain. An attacker can exploit this vulnerability by using any valid certificate or certificate chain to sign a crafted certificate. A successful exploit could allow the attacker to conduct a main-in-the-middle (MiTM) attack and obtain sensitive information (or misreport information) or impersonate an organization, user, or device. Exploitation of this vulnerability could also allow attackers to access networks or assets that are protected by certificate authentication.\r\n\r\nThis vulnerability has been assigned the following CVE ID:\r\n\r\nCVE-2021-3450\r\n OpenSSL NULL Pointer Dereference Denial of Service Vulnerability\r\nOpenSSL contains a vulnerability that could allow an attacker to cause a denial of service (DoS) condition on a targeted system.\r\n\r\nThe vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit the vulnerability by submitting crafted Transport Layer Security (TLS) packets to an interface of an affected device. A successful exploit could allow the attacker to cause a crash of the TLS server process which could result in a DoS condition on the targeted device.\r\n\r\nNote: Only servers that are processing incoming TLSv1.2 packets are affected by this vulnerability.\r\n\r\nThis vulnerability has been assigned the following CVE ID:\r\n\r\nCVE-2021-3449", "title": "Details" }, { "category": "general", "text": "Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.", "title": "Workarounds" }, { "category": "general", "text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.", "title": "Fixed Software" }, { "category": "general", "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", "title": "Vulnerability Policy" }, { "category": "general", "text": "On March 25, 2021, the OpenSSL Project released OpenSSL Security Advisory [25 March 2021] [\"https://www.openssl.org/news/secadv/20210325.txt\"] detailing these vulnerabilities.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory and identified by CVE-2021-3449. Cisco PSIRT is not aware of any malicious use of this vulnerability (CVE-2021-3449).\r\n\r\nCisco PSIRT is not aware of exploit code for or any malicious use of the vulnerability identified by CVE-2021-3450.", "title": "Exploitation and Public Announcements" }, { "category": "general", "text": "These vulnerabilities were publicly disclosed by the OpenSSL Software Foundation on March 25, 2021.", "title": "Source" }, { "category": "legal_disclaimer", "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", "title": "Legal Disclaimer" } ], "publisher": { "category": "vendor", "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.", "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", "name": "Cisco", "namespace": "https://wwww.cisco.com" }, "references": [ { "category": "self", "summary": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "Cisco Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "OpenSSL Security Advisory [25 March 2021],", "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "category": "external", "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd" }, { "category": "external", "summary": "Cisco\u0026nbsp;Bug Search Tool", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID" }, { "category": "external", "summary": "Fixed Release Availability", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "CSCvx82619", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82619" }, { "category": "external", "summary": "CSCvx82617", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82617" }, { "category": "external", "summary": "CSCvx82705", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82705" }, { "category": "external", "summary": "CSCvx82705", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82705" }, { "category": "external", "summary": "CSCvx82740", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82740" }, { "category": "external", "summary": "CSCvx82614", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82614" }, { "category": "external", "summary": "CSCvx82587", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82587" }, { "category": "external", "summary": "CSCvx82681", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82681" }, { "category": "external", "summary": "CSCvx82677", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82677" }, { "category": "external", "summary": "CSCvx82652", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82652" }, { "category": "external", "summary": "CSCvx82734", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82734" }, { "category": "external", "summary": "CSCvx82693", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82693" }, { "category": "external", "summary": "CSCvx82748", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82748" }, { "category": "external", "summary": "CSCvx82664", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82664" }, { "category": "external", "summary": "CSCvx82670", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82670" }, { "category": "external", "summary": "CSCvx82666", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82666" }, { "category": "external", "summary": "CSCvx88577", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx88577" }, { "category": "external", "summary": "CSCvx82673", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82673" }, { "category": "external", "summary": "CSCvx82754", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82754" }, { "category": "external", "summary": "CSCvx82750", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82750" }, { "category": "external", "summary": "CSCvx82861", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82861" }, { "category": "external", "summary": "CSCvx82861", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82861" }, { "category": "external", "summary": "CSCvx82752", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82752" }, { "category": "external", "summary": "CSCvx82728", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82728" }, { "category": "external", "summary": "CSCvx82727", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82727" }, { "category": "external", "summary": "CSCvx82727", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82727" }, { "category": "external", "summary": "CSCvx82710", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82710" }, { "category": "external", "summary": "CSCvx82710", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82710" }, { "category": "external", "summary": "CSCvx82720", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82720" }, { "category": "external", "summary": "CSCvx82721", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82721" }, { "category": "external", "summary": "CSCvx82717", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82717" }, { "category": "external", "summary": "CSCvx82644", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82644" }, { "category": "external", "summary": "CSCvx82648", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82648" }, { "category": "external", "summary": "CSCvx82605", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605" }, { "category": "external", "summary": "CSCvx84316", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84316" }, { "category": "external", "summary": "CSCvx82765", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82765" }, { "category": "external", "summary": "CSCvx84321", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84321" }, { "category": "external", "summary": "CSCvx82791", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82791" }, { "category": "external", "summary": "CSCvx84326", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84326" }, { "category": "external", "summary": "CSCvx84320", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84320" }, { "category": "external", "summary": "CSCvx84314", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84314" }, { "category": "external", "summary": "CSCvx84332", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84332" }, { "category": "external", "summary": "CSCvx84315", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84315" }, { "category": "external", "summary": "CSCvx84323", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84323" }, { "category": "external", "summary": "CSCvx84315", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84315" }, { "category": "external", "summary": "CSCvx84323", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84323" }, { "category": "external", "summary": "CSCvx82605", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605" }, { "category": "external", "summary": "CSCvx82605", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82605" }, { "category": "external", "summary": "CSCvx82792", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82792" }, { "category": "external", "summary": "CSCvx82620", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82620" }, { "category": "external", "summary": "CSCvx84328", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84328" }, { "category": "external", "summary": "CSCvx82684", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82684" }, { "category": "external", "summary": "CSCvx84322", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx84322" }, { "category": "external", "summary": "CSCvx82788", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82788" }, { "category": "external", "summary": "CSCvx82685", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82685" }, { "category": "external", "summary": "CSCvy03325", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325" }, { "category": "external", "summary": "CSCvx82708", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82708" }, { "category": "external", "summary": "CSCvy03325", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325" }, { "category": "external", "summary": "CSCvy03325", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy03325" }, { "category": "external", "summary": "CSCvx82732", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82732" }, { "category": "external", "summary": "CSCvx82732", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82732" }, { "category": "external", "summary": "CSCvx82730", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82730" }, { "category": "external", "summary": "CSCvx82591", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82591" }, { "category": "external", "summary": "CSCvx82599", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx82599" }, { "category": "external", "summary": "fixed software releases", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "considering software upgrades", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes" }, { "category": "external", "summary": "Cisco\u0026nbsp;Security Advisories page", "url": "https://www.cisco.com/go/psirt" }, { "category": "external", "summary": "Security Vulnerability Policy", "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html" }, { "category": "external", "summary": "OpenSSL Security Advisory [25 March 2021]", "url": "https://www.openssl.org/news/secadv/20210325.txt" } ], "title": "Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021", "tracking": { "current_release_date": "2021-09-10T17:29:50+00:00", "generator": { "date": "2022-10-22T03:12:27+00:00", "engine": { "name": "TVCE" } }, "id": "cisco-sa-openssl-2021-GHY28dJd", "initial_release_date": "2021-03-25T16:00:00+00:00", "revision_history": [ { "date": "2021-03-25T16:09:54+00:00", "number": "1.0.0", "summary": "Initial public release." }, { "date": "2021-03-26T20:24:24+00:00", "number": "1.1.0", "summary": "Updated the lists of products under investigation." }, { "date": "2021-03-29T20:30:24+00:00", "number": "1.2.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable." }, { "date": "2021-03-30T20:54:19+00:00", "number": "1.3.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Changed \"missing check\" to \"bypassed check\" in Details. Note that upon further investigation Cisco has confirmed that Cisco Meeting Management is not affected by these vulnerabilities. It was incorrectly listed as vulnerable in a previous version of the advisory." }, { "date": "2021-03-31T20:53:53+00:00", "number": "1.4.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable." }, { "date": "2021-04-01T20:48:37+00:00", "number": "1.5.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Included information about publicly available code to exploit the vulnerability identified by CVE-2021-3449. Note that upon further investigation Cisco has confirmed that Cisco Identity Services Engine (ISE) is not affected by these vulnerabilities. It was incorrectly listed as vulnerable in a previous version of the advisory." }, { "date": "2021-04-05T20:19:15+00:00", "number": "1.6.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Updated the Revision History for version 1.3." }, { "date": "2021-04-06T12:25:00+00:00", "number": "1.7.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable." }, { "date": "2021-04-08T20:01:36+00:00", "number": "1.8.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable." }, { "date": "2021-04-12T20:52:31+00:00", "number": "1.9.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Update fixed release availability information for Cisco Computer Telephony Integration Object Server (CTIOS), Cisco Unified Contact Center Enterprise, and Cisco Unified Intelligent Contact Management Enterprise. Note that upon further investigation Cisco has confirmed that Cisco Webex Share, Cisco DNA Center, Cisco Jabber for Mac, Cisco Jabber for Windows, and Cisco Cyber Vision are not affected by these vulnerabilities." }, { "date": "2021-04-14T19:29:52+00:00", "number": "1.10.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Note that upon further investigation Cisco has confirmed that Cisco Application Policy Infrastructure Controller (APIC) - Enterprise Module is not affected by these vulnerabilities." }, { "date": "2021-04-15T19:58:20+00:00", "number": "1.11.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Updated fixed release availability for Cisco IOS XR Software, Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances." }, { "date": "2021-04-20T18:01:27+00:00", "number": "1.12.0", "summary": "Updated the lists of products under investigation, vulnerable, and not vulnerable. Note that upon further investigation, Cisco has confirmed that Cisco Network Services Orchestrator (NSO) is not affected by these vulnerabilities." }, { "date": "2021-04-21T12:37:08+00:00", "number": "1.13.0", "summary": "Updated the list of vulnerable products. Removed the Cisco Bug ID CSCvx82788 and the CVSS score from the advisory header." }, { "date": "2021-04-22T13:22:21+00:00", "number": "1.14.0", "summary": "Updated the lists of products vulnerable, and not vulnerable. Note that upon further investigation, Cisco has confirmed that Cisco FindIT Network Probe is not affected by these vulnerabilities." }, { "date": "2021-04-27T18:12:42+00:00", "number": "1.15.0", "summary": "Updated the lists of vulnerable products and products confirmed not vulnerable. Upon further investigation, Cisco has confirmed that Cisco SD-WAN vEdge 1000, 2000, and 5000 Series Routers and Cisco SD-WAN vEdge Cloud Router Platform are not affected by these vulnerabilities." }, { "date": "2021-05-07T16:49:34+00:00", "number": "1.16.0", "summary": "Updated the lists of products vulnerable, and not vulnerable. Note that upon further investigation Cisco has confirmed that Cisco Meraki MS390 is affected by the vulnerability identified by the CVE ID CVE-2021-3449. It was incorrectly listed as not vulnerable in a previous version of the advisory." }, { "date": "2021-05-10T14:38:42+00:00", "number": "1.17.0", "summary": "Removed the Cisco bug IDs from the advisory header." }, { "date": "2021-07-06T19:43:55+00:00", "number": "1.18.0", "summary": "Updated the advisory throughout to reflect that the investigation is complete. The fix availability information and the lists of vulnerable and not vulnerable products did not change." }, { "date": "2021-08-30T16:42:56+00:00", "number": "1.19.0", "summary": "Updated Webex Room Phone fixed release." }, { "date": "2021-09-10T17:29:50+00:00", "number": "1.20.0", "summary": "Updated the fixed release availability information for Cisco IOS and IOS XE Software. Removed a duplicate entry for Webex Room Phone." } ], "status": "final", "version": "1.20.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_family", "name": "Cisco Adaptive Security Appliance (ASA) Software", "product": { "name": "Cisco Adaptive Security Appliance (ASA) Software ", "product_id": "CSAFPID-6588" } }, { "category": "product_family", "name": "Cisco IOS XE Software", "product": { "name": "Cisco IOS XE Software ", "product_id": "CSAFPID-93036" } }, { "category": "product_family", "name": "Cisco Identity Services Engine Software", "product": { "name": "Cisco Identity Services Engine Software ", "product_id": "CSAFPID-111903" } }, { "category": "product_family", "name": "Cisco IoT Field Network Director (IoT-FND)", "product": { "name": "Cisco IoT Field Network Director (IoT-FND) ", "product_id": "CSAFPID-227605" } }, { "category": "product_family", "name": "Cisco Network Services Orchestrator", "product": { "name": "Cisco Network Services Orchestrator ", "product_id": "CSAFPID-227765" } }, { "category": "product_family", "name": "Cisco HyperFlex HX Data Platform", "product": { "name": "Cisco HyperFlex HX Data Platform ", "product_id": "CSAFPID-247050" } } ], "category": "vendor", "name": "Cisco" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3449", "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-93036", "CSAFPID-227605", "CSAFPID-6588", "CSAFPID-247050", "CSAFPID-227765", "CSAFPID-111903" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-227765", "CSAFPID-93036", "CSAFPID-111903", "CSAFPID-247050", "CSAFPID-227605", "CSAFPID-6588" ], "url": "https://software.cisco.com" } ], "title": "Multiple Vulnerabilities in OpenSSL (March 2021)" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "other", "text": "Complete.", "title": "Affected Product Comprehensiveness" } ], "product_status": { "known_affected": [ "CSAFPID-6588" ] }, "remediations": [ { "category": "vendor_fix", "details": "Cisco has released software updates that address this vulnerability.", "product_ids": [ "CSAFPID-6588" ], "url": "https://software.cisco.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-6588" ] } ], "title": "Multiple Vulnerabilities in OpenSSL (March 2021)" } ] }
icsa-22-069-09
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.", "title": "Risk evaluation" }, { "category": "other", "text": "Energy", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target this vulnerability.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-389290.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-069-09 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-09.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-069-09 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-09" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "category": "external", "summary": "SSA-389290: Third-Party Component Vulnerabilities in SINEC INS - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-389290.txt" } ], "title": "Siemens SINEC INS", "tracking": { "current_release_date": "2022-03-10T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-22-069-09", "initial_release_date": "2022-03-10T00:00:00.000000Z", "revision_history": [ { "date": "2022-03-10T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-22-069-09 Siemens SINEC INS" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c V1.0.1.1", "product": { "name": "SINEC INS", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SINEC INS" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-19242", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "SQLite 3.30.1 mishandles pExpr-\u003ey.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19242 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19242 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19242.json" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19242" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19244" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19317" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19603" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19645" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19646" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19880" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19923" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19924" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19925" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19926" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1971" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8625" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9327" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11655" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11656" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13630" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13631" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13632" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13871" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15358" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27304" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22883" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22884" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22918" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22921" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22926" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22939" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22940" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23362" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23840" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25214" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25215" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25216" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25219" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27290" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32803" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32804" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37713" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39134" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39135" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19242" }, { "cve": "CVE-2019-19244", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19244 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19244 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19244.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19244" }, { "cve": "CVE-2019-19317", "cwe": { "id": "CWE-681", "name": "Incorrect Conversion between Numeric Types" }, "notes": [ { "category": "summary", "text": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19317 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19317 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19317.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19317" }, { "cve": "CVE-2019-19603", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19603 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19603 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19603.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19603" }, { "cve": "CVE-2019-19645", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "summary", "text": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19645 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19645 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19645.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19645" }, { "cve": "CVE-2019-19646", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19646 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19646 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19646.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19646" }, { "cve": "CVE-2019-19880", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19880 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19880 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19880.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19880" }, { "cve": "CVE-2019-19923", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19923 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19923 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19923.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19923" }, { "cve": "CVE-2019-19924", "cwe": { "id": "CWE-755", "name": "Improper Handling of Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19924 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19924 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19924.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19924" }, { "cve": "CVE-2019-19925", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "summary", "text": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19925 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19925 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19925.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19925" }, { "cve": "CVE-2019-19926", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2019-19926 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2019-19926 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-19926.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2019-19926" }, { "cve": "CVE-2020-1971", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-1971 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-1971 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-1971.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-1971" }, { "cve": "CVE-2020-7774", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "notes": [ { "category": "summary", "text": "This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require(\u0027y18n\u0027)(); y18n.setLocale(\u0027PROTO\u0027); y18n.updateLocale({polluted: true}); console.log(polluted); // true", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-7774 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-7774 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-7774.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-7774" }, { "cve": "CVE-2020-8169", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.62.0 to and including 7.70.0 are vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8169 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8169 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8169.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8177", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "notes": [ { "category": "summary", "text": "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8177 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8177 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8177.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8231", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8231 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8231 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8231.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8265", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8265 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8265 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8265.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8265" }, { "cve": "CVE-2020-8284", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8284 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8284 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8284.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8285", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "summary", "text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8285 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8285 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8285.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8286", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.41.0 to and including 7.73.0 are vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. This vulnerability could allow an attacker to pass a revoked certificate as valid.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8286 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8286 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8286.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8287", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "notes": [ { "category": "summary", "text": "Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8287 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8287 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8287.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8287" }, { "cve": "CVE-2020-8625", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND\u0027s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -\u003e 9.11.27, 9.12.0 -\u003e 9.16.11, and versions BIND 9.11.3-S1 -\u003e 9.11.27-S1 and 9.16.8-S1 -\u003e 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -\u003e 9.17.1 of the BIND 9.17 development branch", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-8625 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-8625 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-8625.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-8625" }, { "cve": "CVE-2020-9327", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-9327 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-9327 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-9327.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-9327" }, { "cve": "CVE-2020-11655", "cwe": { "id": "CWE-665", "name": "Improper Initialization" }, "notes": [ { "category": "summary", "text": "SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\u0027s initialization is mishandled.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-11655 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-11655 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-11655.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-11655" }, { "cve": "CVE-2020-11656", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-11656 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-11656 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-11656.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-11656" }, { "cve": "CVE-2020-13630", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-13630 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-13630 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13630.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-13630" }, { "cve": "CVE-2020-13631", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-13631 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-13631 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13631.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-13631" }, { "cve": "CVE-2020-13632", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-13632 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-13632 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13632.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-13632" }, { "cve": "CVE-2020-13871", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-13871 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-13871 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-13871.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-13871" }, { "cve": "CVE-2020-15358", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-15358 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-15358 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-15358.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-15358" }, { "cve": "CVE-2020-27304", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2020-27304 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2020-27304 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-27304.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2020-27304" }, { "cve": "CVE-2021-3449", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "summary", "text": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-3449 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-3449 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3449.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-3450 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-3450 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3450.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3672", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "summary", "text": "A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-3672 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-3672 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3672.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-3672" }, { "cve": "CVE-2021-3711", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-3711 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-3711 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3711.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-3712 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-3712 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-3712.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-3712" }, { "cve": "CVE-2021-22876", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22876 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22876 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22876.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22876" }, { "cve": "CVE-2021-22883", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an \u0027unknownProtocol\u0027 are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22883 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22883 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22883.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22883" }, { "cve": "CVE-2021-22884", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes \u201clocalhost6\u201d. When \u201clocalhost6\u201d is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim\u0027s DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the \u201clocalhost6\u201d domain. As long as the attacker uses the \u201clocalhost6\u201d domain, they can still apply the attack described in CVE-2018-7160.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22884 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22884 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22884.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22884" }, { "cve": "CVE-2021-22890", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "notes": [ { "category": "summary", "text": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22890 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22890 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22890.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22897", "cwe": { "id": "CWE-668", "name": "Exposure of Resource to Wrong Sphere" }, "notes": [ { "category": "summary", "text": "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22897 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22897 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22897.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22898", "cwe": { "id": "CWE-909", "name": "Missing Initialization of Resource" }, "notes": [ { "category": "summary", "text": "curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22898 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22898 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22898.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22901", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22901 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22901 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22901.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22918", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22918 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22918 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22918.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22918" }, { "cve": "CVE-2021-22921", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "summary", "text": "Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22921 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22921 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22921.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22921" }, { "cve": "CVE-2021-22922", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "notes": [ { "category": "summary", "text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22922 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22922 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22922.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22923", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "notes": [ { "category": "summary", "text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22923 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22923 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22923.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22924", "cwe": { "id": "CWE-706", "name": "Use of Incorrectly-Resolved Name or Reference" }, "notes": [ { "category": "summary", "text": "libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths _case insensitively_,which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22924 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22924 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22924.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22925", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "summary", "text": "curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22925 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22925 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22925.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22926", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like /tmp), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22926 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22926 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22926.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22930", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22930 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22930 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22930.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22930" }, { "cve": "CVE-2021-22931", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22931 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22931 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22931.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22931" }, { "cve": "CVE-2021-22939", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "summary", "text": "If the Node.js https API was used incorrectly and \"undefined\" was in passed for the \"rejectUnauthorized\" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22939 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22939 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22939.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22939" }, { "cve": "CVE-2021-22940", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22940 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22940 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22940.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22940" }, { "cve": "CVE-2021-22945", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "summary", "text": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it _again_.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22945 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22945 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22945.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22946", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "notes": [ { "category": "summary", "text": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations WITHOUTTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22946 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22946 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22946.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22947", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "notes": [ { "category": "summary", "text": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got _before_ the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-22947 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-22947 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-22947.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-22947" }, { "cve": "CVE-2021-23362", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-23362 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-23362 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-23362.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-23362" }, { "cve": "CVE-2021-23840", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-23840 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-23840 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-23840.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-23840" }, { "cve": "CVE-2021-25214", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "In BIND 9.8.5 -\u003e 9.8.8, 9.9.3 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.9.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-25214 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-25214 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25214.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-25214" }, { "cve": "CVE-2021-25215", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "In BIND 9.0.0 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.9.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-25215 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-25215 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25215.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-25215" }, { "cve": "CVE-2021-25216", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "In BIND 9.5.0 -\u003e 9.11.29, 9.12.0 -\u003e 9.16.13, and versions BIND 9.11.3-S1 -\u003e 9.11.29-S1 and 9.16.8-S1 -\u003e 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND\u0027s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-25216 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-25216 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25216.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-25216" }, { "cve": "CVE-2021-25219", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "In BIND 9.3.0 -\u003e 9.11.35, 9.12.0 -\u003e 9.16.21, and versions 9.9.3-S1 -\u003e 9.11.35-S1 and 9.16.8-S1 -\u003e 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -\u003e 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-25219 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-25219 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25219.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-25219" }, { "cve": "CVE-2021-27290", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-27290 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-27290 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-27290.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-27290" }, { "cve": "CVE-2021-32803", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "The npm package \"tar\" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-32803 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-32803 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-32803.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-32803" }, { "cve": "CVE-2021-32804", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "The npm package \"tar\" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example /home/user/.bashrc would turn into home/user/.bashrc. This logic was insufficient when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom onentry method which sanitizes the entry.path or a filter method which removes entries with absolute paths. See referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-32804 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-32804 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-32804.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-32804" }, { "cve": "CVE-2021-37701", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "notes": [ { "category": "summary", "text": "The npm package \"tar\" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both \\ and / characters as path separators, however \\ is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at FOO, followed by a symbolic link named foo, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the FOO directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-37701 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-37701 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37701.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-37701" }, { "cve": "CVE-2021-37712", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "notes": [ { "category": "summary", "text": "The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 \"short path\" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-37712 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-37712 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37712.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-37712" }, { "cve": "CVE-2021-37713", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "The npm package \"tar\" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain .. path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as C:some\\path. If the drive letter does not match the extraction target, for example D:\\extraction\\dir, then the result of path.resolve(extractionDirectory, entryPath) would resolve against the current working directory on the C: drive, rather than the extraction target directory. Additionally, a .. portion of the path could occur immediately after the drive letter, such as C:../foo, and was not properly sanitized by the logic that checked for .. within the normalized and split portions of the path. This only affects users of node-tar on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-37713 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-37713 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-37713.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-37713" }, { "cve": "CVE-2021-39134", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "notes": [ { "category": "summary", "text": "@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in package.json manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist\u0027s internal data structure saw them as separate items that could coexist within the same level in the node_modules hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as file:/some/path, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package pwn-a could define a dependency in their package.json file such as \"foo\": \"file:/some/path\". Another package, pwn-b could define a dependency such as FOO: \"file:foo.tgz\". On case-insensitive file systems, if pwn-a was installed, and then pwn-b was installed afterwards, the contents of foo.tgz would be written to /some/path, and any existing contents of /some/path would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-39134 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-39134 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39134.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-39134" }, { "cve": "CVE-2021-39135", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "notes": [ { "category": "summary", "text": "@npmcli/arborist, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project\u0027s node_modules folder. If the node_modules folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a node_modules symbolic link would have to be employed. 1. A preinstall script could replace node_modules with a symlink. (This is prevented by using --ignore-scripts.) 2. An attacker could supply the target with a git repository, instructing them to run npm install --ignore-scripts in the root. This may be successful, because npm install --ignore-scripts is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2021-39135 - SINEC INS", "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "summary": "CVE-2021-39135 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-39135.json" } ], "remediations": [ { "category": "vendor_fix", "details": "Update to V1.0.1.1 or later version", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/ww/en/view/109806100/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2021-39135" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.