var-202102-1093
Vulnerability from variot
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
-
6 ELS) - i386, noarch, s390x, x86_64
-
Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. See the following advisories for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2287
Space precludes documenting all of the container images in this advisory.
Additional Changes:
This update also fixes several bugs. Documentation for these changes is available from the Release Notes document linked to in the References section. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1889659 - [Assisted-4.6] [cluster validation] Number of hosts validation is not enforced when Automatic role assigned
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1932638 - Removing ssh keys MC does not remove the key from authorized_keys
1934180 - vsphere-problem-detector should check if datastore is part of datastore cluster
1937396 - when kuryr quotas are unlimited, we should not sent alerts
1939014 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP
1939553 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string
1940275 - [IPI Baremetal] Revert Sending full ignition to masters
1942603 - [4.7z] Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork
1944046 - Warn users when using an unsupported browser such as IE
1944575 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results
1945702 - Operator dependency not consistently chosen from default channel
1946682 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall
1947091 - Incorrect skipped status for conditional tasks in the pipeline run
1947427 - Bootstrap ignition shim doesn't follow proxy settings
1948398 - [oVirt] remove ovirt_cafile from ovirt-credentials secret
1949541 - Kuryr-Controller crashes when it's missing the status object
1950290 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation
1951210 - Pod log filename no longer in
- These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: glib2 security update Advisory ID: RHSA-2021:2171-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2171 Issue date: 2021-06-01 CVE Names: CVE-2021-27219 ==================================================================== 1. Summary:
An update for glib2 is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
- Description:
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source: glib2-2.56.4-8.el8_2.1.src.rpm
aarch64: glib2-2.56.4-8.el8_2.1.aarch64.rpm glib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm
ppc64le: glib2-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm
s390x: glib2-2.56.4-8.el8_2.1.s390x.rpm glib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm
x86_64: glib2-2.56.4-8.el8_2.1.i686.rpm glib2-2.56.4-8.el8_2.1.x86_64.rpm glib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-debugsource-2.56.4-8.el8_2.1.i686.rpm glib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-2.56.4-8.el8_2.1.i686.rpm glib2-devel-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v. 8.2):
aarch64: glib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm glib2-static-2.56.4-8.el8_2.1.aarch64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm
noarch: glib2-doc-2.56.4-8.el8_2.1.noarch.rpm
ppc64le: glib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm glib2-static-2.56.4-8.el8_2.1.ppc64le.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm
s390x: glib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm glib2-static-2.56.4-8.el8_2.1.s390x.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm
x86_64: glib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-debugsource-2.56.4-8.el8_2.1.i686.rpm glib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm glib2-static-2.56.4-8.el8_2.1.i686.rpm glib2-static-2.56.4-8.el8_2.1.x86_64.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm glib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYLYSUtzjgjWX9erEAQigAA/9EhfhmrkuseIrzspPL0ME+D+MCaLLpDcm ro5B0q7wek8/SN8molY9yFH8PEpVKIk0Lz7/y+LorYDit4HGubeNa1HVzoquhb+E 3ftxdeidiUkfAEv108GmUpiHXj6maqYG95xG8lAyUu8ZgVKwCTOdi2Ea66q7DeNo BvXt4c11diL7+4uONgcghj4h54JdA5tyatX8Y76mhCuhfpn4r6L2LsPjTZfNAwPy yXLjgp0DtT737+gB83dp+93gyw/AnoIw2P/IApUtVt7foBomt213Op3Fh+kpH5S9 dQBZwY+oYD4LdGZgXJMkRltoV/5spix8FUHiKvmW40PwCH4HDjnFyvYZFEfXscDq xDue+kJB+hJSv9MWOp3fG3h1kcXbAJRsT3dxBiShUeHKzpCXLyQUm/DPSCHKvrtI k8LSAxn+ZxXBN4nMYBQRcq2hdTnEzIAeWhwPRtq8RPhPZ1FsNKkNBJgjoFHrypt3 /3s24PpPgdYhZ9kAy/KICiNShU0DCjzWXdz+2zCQU8/vBxKC1zddDDUkPrDZNOTh mhX8xLNCNhewHsyjmgcqgFzJIdwlUU6Ih6rOrcZ4Nwus/zjrQJ8mOndbYQHkYUZ8 m8Gecdlf+wjXuBgWOCEU04MeXGEZIzoqAq6/iJnxFEtGqeaU2TxpNXO0/3jcCklP XJsVbifgTdw=xS3v -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7.2) - noarch, x86_64
- Description:
The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1093", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "brocade fabric operating system", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": null }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "glib", "scope": "gte", "trust": 1.0, "vendor": "gnome", "version": "2.67.0" }, { "model": "glib", "scope": "lt", "trust": 1.0, "vendor": "gnome", "version": "2.66.6" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "glib", "scope": "lt", "trust": 1.0, "vendor": "gnome", "version": "2.67.3" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "glib", "scope": null, "trust": 0.8, "vendor": "gnome", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.66.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.67.3", "versionStartIncluding": "2.67.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-27219" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163267" }, { "db": "PACKETSTORM", "id": "163149" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" }, { "db": "PACKETSTORM", "id": "164452" } ], "trust": 0.8 }, "cve": "CVE-2021-27219", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-27219", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-386440", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-27219", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-27219", "trust": 1.8, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-386440", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-27219", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-386440" }, { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. 6 ELS) - i386, noarch, s390x, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.16. See the following advisories for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2287\n\nSpace precludes documenting all of the container images in this advisory. \n\nAdditional Changes:\n\nThis update also fixes several bugs. Documentation for these changes is\navailable from the Release Notes document linked to in the References\nsection. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1889659 - [Assisted-4.6] [cluster validation] Number of hosts validation is not enforced when Automatic role assigned\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1932638 - Removing ssh keys MC does not remove the key from authorized_keys\n1934180 - vsphere-problem-detector should check if datastore is part of datastore cluster\n1937396 - when kuryr quotas are unlimited, we should not sent alerts\n1939014 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP\n1939553 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string\n1940275 - [IPI Baremetal] Revert Sending full ignition to masters\n1942603 - [4.7z] Network policies in ovn-kubernetes don\u0027t support external traffic from router when the endpoint publishing strategy is HostNetwork\n1944046 - Warn users when using an unsupported browser such as IE\n1944575 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results\n1945702 - Operator dependency not consistently chosen from default channel\n1946682 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall\n1947091 - Incorrect skipped status for conditional tasks in the pipeline run\n1947427 - Bootstrap ignition shim doesn\u0027t follow proxy settings\n1948398 - [oVirt] remove ovirt_cafile from ovirt-credentials secret\n1949541 - Kuryr-Controller crashes when it\u0027s missing the status object\n1950290 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation\n1951210 - Pod log filename no longer in \u003cpod-name\u003e-\u003ccontainer-name\u003e.log format\n1953475 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc\n1954121 - [ceo] [release-4.7] Operator goes degraded when a second internal node ip is added after install\n1955210 - OCP 4.6 Build fails when filename contains an umlaut\n1955418 - 4.8 -\u003e 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator\n1955482 - [4.7] Drop high-cardinality metrics from kube-state-metrics which aren\u0027t used\n1955600 - e2e unidling test flakes in CI\n1956565 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry\n1956980 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. \n1957308 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-\u003e Removed-\u003e Managed in configs.imageregistry with high ratio\n1957499 - OperatorHub - console accepts any value for \"Infrastructure features\" annotation\n1958416 - openshift-oauth-apiserver apiserver pod crashloopbackoffs\n1958467 - [4.7] Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct\n1958873 - Device Replacemet UI, The status of the disk is \"replacement ready\" before I clicked on \"start replacement\"\n1959546 - [4.7] storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions\n1959737 - Unable to assign nodes for EgressIP even if the egress-assignable label is set\n1960093 - Console not works well against a proxy in front of openshift clusters\n1960111 - Port 8080 of oVirt CSI driver is causing collisions with other services\n1960542 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1960544 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console\n1960562 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1960589 - manifests: extra \"spec.version\" in console quickstarts makes CVO hotloop\n1960645 - [Backport 4.7] Add virt_platform metric to the collected metrics\n1960686 - GlobalConfigPage is constantly requesting resources\n1961069 - CMO end-to-end tests work only on AWS\n1961367 - Conformance tests for OpenStack require the Cinder client that is not included in the \"tests\" image\n1961518 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1961557 - [release-4.7] respect the shutdown-delay-duration from OpenShiftAPIServerConfig\n1961719 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop\n1961887 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns\n1962314 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true\n1962493 - Kebab menu of taskrun contains Edit options which should not be present\n1962637 - Nodes tainted after configuring additional host iface\n1962819 - OCP v4.7 installation with OVN-Kubernetes fails with error \"egress bandwidth restriction -1 is not equals\"\n1962949 - e2e-metal-ipi and related jobs fail to bootstrap due to multipe VIP\u0027s\n1963141 - packageserver clusteroperator Available condition set to false on any Deployment spec change\n1963243 - HAproxy pod logs showing error \"another server named \u0027pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080\u0027 was already defined at line 326, please use distinct names\"\n1964322 - UI, The status of \"Used Capacity Breakdown [Pods]\" is \"Not available\"\n1964568 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation\n1965075 - [4.7z] After upgrade from 4.5.16 to 4.6.17, customer\u0027s application is seeing re-transmits\n1965932 - [oauth-server] bump k8s.io/apiserver to 1.20.3\n1966358 - Build failure on s390x\n1966798 - [tests] Release 4.7 broken due to the usage of wrong OCS version\n1966810 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration\n1967328 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud\n1967966 - prometheus-k8s pods can\u0027t be scheduled due to volume node affinity conflict\n1967972 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1970322 - [OVN]EgressFirewall doesn\u0027t work well as expected\n\n5. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand\nperforming administrative tasks. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: glib2 security update\nAdvisory ID: RHSA-2021:2171-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2171\nIssue date: 2021-06-01\nCVE Names: CVE-2021-27219\n====================================================================\n1. Summary:\n\nAn update for glib2 is now available for Red Hat Enterprise Linux 8.2\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGLib provides the core application building blocks for libraries and\napplications written in C. It provides the core object system used in\nGNOME, the main loop implementation, and a large set of utility functions\nfor strings and common data structures. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2):\n\nSource:\nglib2-2.56.4-8.el8_2.1.src.rpm\n\naarch64:\nglib2-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-devel-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-fam-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-tests-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\n\nppc64le:\nglib2-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-devel-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-fam-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-tests-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\n\ns390x:\nglib2-2.56.4-8.el8_2.1.s390x.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm\nglib2-devel-2.56.4-8.el8_2.1.s390x.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-fam-2.56.4-8.el8_2.1.s390x.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-tests-2.56.4-8.el8_2.1.s390x.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\n\nx86_64:\nglib2-2.56.4-8.el8_2.1.i686.rpm\nglib2-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.i686.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-devel-2.56.4-8.el8_2.1.i686.rpm\nglib2-devel-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-fam-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-tests-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\n\nRed Hat CodeReady Linux Builder EUS (v. 8.2):\n\naarch64:\nglib2-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-static-2.56.4-8.el8_2.1.aarch64.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.aarch64.rpm\n\nnoarch:\nglib2-doc-2.56.4-8.el8_2.1.noarch.rpm\n\nppc64le:\nglib2-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-static-2.56.4-8.el8_2.1.ppc64le.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.ppc64le.rpm\n\ns390x:\nglib2-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.s390x.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\nglib2-static-2.56.4-8.el8_2.1.s390x.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.s390x.rpm\n\nx86_64:\nglib2-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.i686.rpm\nglib2-debugsource-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-devel-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-fam-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-static-2.56.4-8.el8_2.1.i686.rpm\nglib2-static-2.56.4-8.el8_2.1.x86_64.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.i686.rpm\nglib2-tests-debuginfo-2.56.4-8.el8_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-27219\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLYSUtzjgjWX9erEAQigAA/9EhfhmrkuseIrzspPL0ME+D+MCaLLpDcm\nro5B0q7wek8/SN8molY9yFH8PEpVKIk0Lz7/y+LorYDit4HGubeNa1HVzoquhb+E\n3ftxdeidiUkfAEv108GmUpiHXj6maqYG95xG8lAyUu8ZgVKwCTOdi2Ea66q7DeNo\nBvXt4c11diL7+4uONgcghj4h54JdA5tyatX8Y76mhCuhfpn4r6L2LsPjTZfNAwPy\nyXLjgp0DtT737+gB83dp+93gyw/AnoIw2P/IApUtVt7foBomt213Op3Fh+kpH5S9\ndQBZwY+oYD4LdGZgXJMkRltoV/5spix8FUHiKvmW40PwCH4HDjnFyvYZFEfXscDq\nxDue+kJB+hJSv9MWOp3fG3h1kcXbAJRsT3dxBiShUeHKzpCXLyQUm/DPSCHKvrtI\nk8LSAxn+ZxXBN4nMYBQRcq2hdTnEzIAeWhwPRtq8RPhPZ1FsNKkNBJgjoFHrypt3\n/3s24PpPgdYhZ9kAy/KICiNShU0DCjzWXdz+2zCQU8/vBxKC1zddDDUkPrDZNOTh\nmhX8xLNCNhewHsyjmgcqgFzJIdwlUU6Ih6rOrcZ4Nwus/zjrQJ8mOndbYQHkYUZ8\nm8Gecdlf+wjXuBgWOCEU04MeXGEZIzoqAq6/iJnxFEtGqeaU2TxpNXO0/3jcCklP\nXJsVbifgTdw=xS3v\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7.2) - noarch, x86_64\n\n3. Description:\n\nThe OpenShift Container Storage solution provides persistent storage\nservice for OpenShift Containers and OpenShift Infrastructure services", "sources": [ { "db": "NVD", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "VULHUB", "id": "VHN-386440" }, { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163267" }, { "db": "PACKETSTORM", "id": "163149" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" }, { "db": "PACKETSTORM", "id": "164452" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-27219", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003857", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163191", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163149", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162889", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163267", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163240", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162929", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "164856", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161714", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162892", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162895", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162884", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163496", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163133", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163426", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162869", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162888", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163242", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-386440", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-27219", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163188", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164452", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386440" }, { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163267" }, { "db": "PACKETSTORM", "id": "163149" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" }, { "db": "PACKETSTORM", "id": "164452" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "id": "VAR-202102-1093", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-386440" } ], "trust": 0.725 }, "last_update_date": "2024-07-23T20:00:40.992000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2021-27219\u00a0(GHSL-2021-045)", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/" }, { "title": "Amazon Linux AMI: ALAS-2021-1526", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1526" }, { "title": "Amazon Linux 2: ALAS2-2021-1655", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1655" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-27219 log" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-27219 " }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-681", "trust": 1.1 }, { "problemtype": "Incorrect conversion between numeric types (CWE-681) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386440" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20210319-0004/" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202107-13" }, { "trust": 1.2, "url": "https://gitlab.gnome.org/gnome/glib/-/issues/2319" }, { "trust": 1.2, "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3543" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3501" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25692" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23336" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/681.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/alas-2021-1526.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25037" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25035" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25042" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27170" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24331" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24332" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25039" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2461" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2467" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3501" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2287" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25217" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25217" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24489" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2519" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2171" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2203" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" } ], "sources": [ { "db": "VULHUB", "id": "VHN-386440" }, { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163267" }, { "db": "PACKETSTORM", "id": "163149" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" }, { "db": "PACKETSTORM", "id": "164452" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-386440" }, { "db": "VULMON", "id": "CVE-2021-27219" }, { "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163267" }, { "db": "PACKETSTORM", "id": "163149" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" }, { "db": "PACKETSTORM", "id": "164452" }, { "db": "NVD", "id": "CVE-2021-27219" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-15T00:00:00", "db": "VULHUB", "id": "VHN-386440" }, { "date": "2021-02-15T00:00:00", "db": "VULMON", "id": "CVE-2021-27219" }, { "date": "2021-11-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "date": "2021-06-17T17:53:22", "db": "PACKETSTORM", "id": "163188" }, { "date": "2021-06-17T17:57:29", "db": "PACKETSTORM", "id": "163191" }, { "date": "2021-06-23T16:08:25", "db": "PACKETSTORM", "id": "163267" }, { "date": "2021-06-15T14:59:25", "db": "PACKETSTORM", "id": "163149" }, { "date": "2021-06-22T19:32:24", "db": "PACKETSTORM", "id": "163240" }, { "date": "2021-06-01T15:11:50", "db": "PACKETSTORM", "id": "162889" }, { "date": "2021-06-03T14:50:03", "db": "PACKETSTORM", "id": "162929" }, { "date": "2021-10-08T15:35:28", "db": "PACKETSTORM", "id": "164452" }, { "date": "2021-02-15T17:15:13.137000", "db": "NVD", "id": "CVE-2021-27219" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-07T00:00:00", "db": "VULHUB", "id": "VHN-386440" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-27219" }, { "date": "2021-11-08T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-003857" }, { "date": "2023-11-07T03:31:55.940000", "db": "NVD", "id": "CVE-2021-27219" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "163149" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GNOME\u00a0GLib\u00a0 Vulnerability in conversion between numeric types in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003857" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow", "sources": [ { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163191" }, { "db": "PACKETSTORM", "id": "163240" }, { "db": "PACKETSTORM", "id": "162889" }, { "db": "PACKETSTORM", "id": "162929" } ], "trust": 0.5 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.