--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: openhab/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-openhab' of Deployment 'RELEASE-NAME-openhab' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |
Expand... Enforcing CPU limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'resources.limits.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-openhab' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-openhab' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |
Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'resources.requests.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |
Expand... When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'resources.requests.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |
Expand... Enforcing memory limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'resources.limits.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-openhab' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-openhab' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-openhab' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.


Deployment 'RELEASE-NAME-openhab' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-openhab' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/openhab:v3.2.0@sha256:813f937332689854c808142b0b8af38edeed276e1c5a07bf4c77cb76ea6e7e61 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | No Vulnerabilities found | |:---------------------------------| #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | No Vulnerabilities found | |:---------------------------------| #### Container: tccr.io/truecharts/openhab:v3.2.0@sha256:813f937332689854c808142b0b8af38edeed276e1c5a07bf4c77cb76ea6e7e61 (debian 11.1) **debian** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 2.2.4 | |
Expand...https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| | bsdutils | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | bsdutils | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | bsdutils | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | coreutils | CVE-2016-2781 | LOW | 8.32-4 | |
Expand...http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
| | coreutils | CVE-2017-18018 | LOW | 8.32-4 | |
Expand...http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
| | curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22946 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22947 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22898 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | curl | CVE-2021-22922 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22923 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22924 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | |
Expand...https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| | libblkid1 | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libblkid1 | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libblkid1 | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
| | libc-bin | CVE-2022-23218 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc-bin | CVE-2022-23219 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc-bin | CVE-2021-3999 | HIGH | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc-bin | CVE-2021-3998 | MEDIUM | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://ubuntu.com/security/notices/USN-5310-1
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc-bin | CVE-2010-4756 | LOW | 2.31-13+deb11u2 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
| | libc-bin | CVE-2018-20796 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/107160
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc-bin | CVE-2019-1010022 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| | libc-bin | CVE-2019-1010023 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109167
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| | libc-bin | CVE-2019-1010024 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109162
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| | libc-bin | CVE-2019-1010025 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| | libc-bin | CVE-2019-9192 | LOW | 2.31-13+deb11u2 | |
Expand...https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc-bin | CVE-2021-43396 | LOW | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
| | libc-l10n | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
| | libc-l10n | CVE-2022-23218 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc-l10n | CVE-2022-23219 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc-l10n | CVE-2021-3999 | HIGH | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc-l10n | CVE-2021-3998 | MEDIUM | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://ubuntu.com/security/notices/USN-5310-1
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc-l10n | CVE-2010-4756 | LOW | 2.31-13+deb11u2 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
| | libc-l10n | CVE-2018-20796 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/107160
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc-l10n | CVE-2019-1010022 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| | libc-l10n | CVE-2019-1010023 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109167
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| | libc-l10n | CVE-2019-1010024 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109162
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| | libc-l10n | CVE-2019-1010025 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| | libc-l10n | CVE-2019-9192 | LOW | 2.31-13+deb11u2 | |
Expand...https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc-l10n | CVE-2021-43396 | LOW | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
| | libc6 | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
| | libc6 | CVE-2022-23218 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc6 | CVE-2022-23219 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | libc6 | CVE-2021-3999 | HIGH | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc6 | CVE-2021-3998 | MEDIUM | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://ubuntu.com/security/notices/USN-5310-1
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | libc6 | CVE-2010-4756 | LOW | 2.31-13+deb11u2 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
| | libc6 | CVE-2018-20796 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/107160
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc6 | CVE-2019-1010022 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| | libc6 | CVE-2019-1010023 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109167
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| | libc6 | CVE-2019-1010024 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109162
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| | libc6 | CVE-2019-1010025 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| | libc6 | CVE-2019-9192 | LOW | 2.31-13+deb11u2 | |
Expand...https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | libc6 | CVE-2021-43396 | LOW | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
| | libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl4 | CVE-2021-22946 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl4 | CVE-2021-22947 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl4 | CVE-2021-22898 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | libcurl4 | CVE-2021-22922 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl4 | CVE-2021-22923 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl4 | CVE-2021-22924 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libexpat1 | CVE-2022-22822 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22822.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-22823 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22823.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-22824 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22824.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-23852 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
https://github.com/libexpat/libexpat/pull/550
https://linux.oracle.com/cve/CVE-2022-23852.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://security.netapp.com/advisory/ntap-20220217-0001/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-23990 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
https://github.com/libexpat/libexpat/pull/551
https://linux.oracle.com/cve/CVE-2022-23990.html
https://linux.oracle.com/errata/ELSA-2022-9232.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-25235 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
https://github.com/libexpat/libexpat/pull/562
https://github.com/libexpat/libexpat/pull/562/commits/367ae600b48d74261bbc339b17e9318424049791 (fix)
https://github.com/libexpat/libexpat/pull/562/commits/97cfdc3fa7dca759880d81e371901f4620279106 (tests)
https://linux.oracle.com/cve/CVE-2022-25235.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5085
| | libexpat1 | CVE-2022-25236 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://github.com/libexpat/libexpat/pull/561
https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)
https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)
https://github.com/libexpat/libexpat/pull/577
https://linux.oracle.com/cve/CVE-2022-25236.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5085
| | libexpat1 | CVE-2022-25315 | CRITICAL | 2.2.10-2 | 2.2.10-2+deb11u2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
https://github.com/libexpat/libexpat/pull/559
https://linux.oracle.com/cve/CVE-2022-25315.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
| | libexpat1 | CVE-2021-45960 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
https://github.com/libexpat/libexpat/issues/531
https://github.com/libexpat/libexpat/pull/534
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
https://linux.oracle.com/cve/CVE-2021-45960.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://security.netapp.com/advisory/ntap-20220121-0004/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2021-46143 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
https://linux.oracle.com/cve/CVE-2021-46143.html
https://linux.oracle.com/errata/ELSA-2022-9227.html
https://security.netapp.com/advisory/ntap-20220121-0006/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-22825 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22825.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-22826 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22826.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-22827 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22827.html
https://linux.oracle.com/errata/ELSA-2022-0951.html
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | libexpat1 | CVE-2022-25314 | HIGH | 2.2.10-2 | 2.2.10-2+deb11u2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
https://github.com/libexpat/libexpat/pull/560
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
| | libexpat1 | CVE-2022-25313 | MEDIUM | 2.2.10-2 | 2.2.10-2+deb11u2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
https://github.com/libexpat/libexpat/pull/558
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
| | libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2 | |
Expand...http://openwall.com/lists/oss-security/2013/02/22/3
http://seclists.org/fulldisclosure/2021/Oct/61
http://seclists.org/fulldisclosure/2021/Oct/62
http://seclists.org/fulldisclosure/2021/Oct/63
http://seclists.org/fulldisclosure/2021/Sep/33
http://seclists.org/fulldisclosure/2021/Sep/34
http://seclists.org/fulldisclosure/2021/Sep/35
http://seclists.org/fulldisclosure/2021/Sep/38
http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/40
http://securitytracker.com/id?1028213
http://www.openwall.com/lists/oss-security/2013/04/12/6
http://www.openwall.com/lists/oss-security/2021/10/07/4
http://www.osvdb.org/90634
http://www.securityfocus.com/bid/58233
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3Cusers.openoffice.apache.org%3E
https://security.gentoo.org/glsa/201701-21
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://support.apple.com/kb/HT212807
https://support.apple.com/kb/HT212814
https://support.apple.com/kb/HT212815
https://support.apple.com/kb/HT212819
| | libexpat1 | DSA-5085-2 | UNKNOWN | 2.2.10-2 | 2.2.10-2+deb11u3 |
Expand...
| | libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560
https://dev.gnupg.org/T5305
https://dev.gnupg.org/T5328
https://dev.gnupg.org/T5466
https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
https://eprint.iacr.org/2021/923
https://linux.oracle.com/cve/CVE-2021-33560.html
https://linux.oracle.com/errata/ELSA-2021-4409.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/
https://ubuntu.com/security/notices/USN-5080-1
https://ubuntu.com/security/notices/USN-5080-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libgcrypt20 | CVE-2018-6829 | LOW | 1.8.7-6 | |
Expand...https://github.com/weikengchen/attack-on-libgcrypt-elgamal
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
https://www.oracle.com/security-alerts/cpujan2020.html
| | libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | 2:6.2.1+dfsg-1+deb11u1 |
Expand...https://bugs.debian.org/994405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
| | libgnutls30 | CVE-2021-4209 | MEDIUM | 3.7.1-5 | |
Expand...
| | libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | |
Expand...http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49388
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id/1029190
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://linux.oracle.com/cve/CVE-2011-3389.html
https://linux.oracle.com/errata/ELSA-2011-1380.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
https://ubuntu.com/security/notices/USN-1263-1
| | libgssapi-krb5-2 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| | libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libk5crypto3 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| | libk5crypto3 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libkrb5-3 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| | libkrb5-3 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libkrb5support0 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| | libkrb5support0 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libldap-2.4-2 | CVE-2015-3276 | LOW | 2.4.57+dfsg-3 | |
Expand...http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securitytracker.com/id/1034221
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://linux.oracle.com/cve/CVE-2015-3276.html
https://linux.oracle.com/errata/ELSA-2015-2131.html
| | libldap-2.4-2 | CVE-2017-14159 | LOW | 2.4.57+dfsg-3 | |
Expand...http://www.openldap.org/its/index.cgi?findid=8703
| | libldap-2.4-2 | CVE-2017-17740 | LOW | 2.4.57+dfsg-3 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
| | libldap-2.4-2 | CVE-2020-15719 | LOW | 2.4.57+dfsg-3 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
https://access.redhat.com/errata/RHBA-2019:3674
https://bugs.openldap.org/show_bug.cgi?id=9266
https://bugzilla.redhat.com/show_bug.cgi?id=1740070
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
| | libmount1 | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libmount1 | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libmount1 | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | libncurses6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | libncursesw6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | libpcre3 | CVE-2017-11164 | LOW | 2:8.39-13 | |
Expand...http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libpcre3 | CVE-2017-16231 | LOW | 2:8.39-13 | |
Expand...http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2018/Dec/33
http://www.openwall.com/lists/oss-security/2017/11/01/11
http://www.openwall.com/lists/oss-security/2017/11/01/3
http://www.openwall.com/lists/oss-security/2017/11/01/7
http://www.openwall.com/lists/oss-security/2017/11/01/8
http://www.securityfocus.com/bid/101688
https://bugs.exim.org/show_bug.cgi?id=2047
| | libpcre3 | CVE-2017-7245 | LOW | 2:8.39-13 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| | libpcre3 | CVE-2017-7246 | LOW | 2:8.39-13 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| | libpcre3 | CVE-2019-20838 | LOW | 2:8.39-13 | |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt
| | libpng16-16 | CVE-2019-6129 | LOW | 1.6.37-3 | |
Expand...https://github.com/glennrp/libpng/issues/269
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
| | libpng16-16 | CVE-2021-4214 | LOW | 1.6.37-3 | |
Expand...
| | libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-2.1 | 2.1.27+dfsg-2.1+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/23/4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-9239.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
https://www.debian.org/security/2022/dsa-5087
| | libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-2.1 | 2.1.27+dfsg-2.1+deb11u1 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/23/4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-9239.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
https://www.debian.org/security/2022/dsa-5087
| | libsepol1 | CVE-2021-36084 | LOW | 3.1-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
| | libsepol1 | CVE-2021-36085 | LOW | 3.1-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
| | libsepol1 | CVE-2021-36086 | LOW | 3.1-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
https://linux.oracle.com/cve/CVE-2021-36086.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
| | libsepol1 | CVE-2021-36087 | LOW | 3.1-1 | |
Expand...https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087
https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
https://linux.oracle.com/cve/CVE-2021-36087.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/
| | libsmartcols1 | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libsmartcols1 | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libsmartcols1 | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1k-1+deb11u1 | 1.1.1k-1+deb11u2 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9246.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://security.netapp.com/advisory/ntap-20220321-0002/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
| | libssl1.1 | CVE-2021-4160 | MEDIUM | 1.1.1k-1+deb11u1 | 1.1.1k-1+deb11u2 |
Expand...https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220128.txt
| | libssl1.1 | CVE-2007-6755 | LOW | 1.1.1k-1+deb11u1 | |
Expand...http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
| | libssl1.1 | CVE-2010-0928 | LOW | 1.1.1k-1+deb11u1 | |
Expand...http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.osvdb.org/62808
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750
| | libsystemd0 | CVE-2021-3997 | MEDIUM | 247.3-6 | 247.3-7 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
https://ubuntu.com/security/notices/USN-5226-1
https://www.openwall.com/lists/oss-security/2022/01/10/2
| | libsystemd0 | CVE-2013-4392 | LOW | 247.3-6 | |
Expand...http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://bugzilla.redhat.com/show_bug.cgi?id=859060
| | libsystemd0 | CVE-2020-13529 | LOW | 247.3-6 | |
Expand...http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | libtinfo6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | libudev1 | CVE-2021-3997 | MEDIUM | 247.3-6 | 247.3-7 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
https://ubuntu.com/security/notices/USN-5226-1
https://www.openwall.com/lists/oss-security/2022/01/10/2
| | libudev1 | CVE-2013-4392 | LOW | 247.3-6 | |
Expand...http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://bugzilla.redhat.com/show_bug.cgi?id=859060
| | libudev1 | CVE-2020-13529 | LOW | 247.3-6 | |
Expand...http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| | libuuid1 | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libuuid1 | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libuuid1 | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | locales | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
| | locales | CVE-2022-23218 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | locales | CVE-2022-23219 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | locales | CVE-2021-3999 | HIGH | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | locales | CVE-2021-3998 | MEDIUM | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://ubuntu.com/security/notices/USN-5310-1
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | locales | CVE-2010-4756 | LOW | 2.31-13+deb11u2 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
| | locales | CVE-2018-20796 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/107160
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | locales | CVE-2019-1010022 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| | locales | CVE-2019-1010023 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109167
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| | locales | CVE-2019-1010024 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109162
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| | locales | CVE-2019-1010025 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| | locales | CVE-2019-9192 | LOW | 2.31-13+deb11u2 | |
Expand...https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | locales | CVE-2021-43396 | LOW | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
| | locales-all | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
| | locales-all | CVE-2022-23218 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | locales-all | CVE-2022-23219 | CRITICAL | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
| | locales-all | CVE-2021-3999 | HIGH | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | locales-all | CVE-2021-3998 | MEDIUM | 2.31-13+deb11u2 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
https://ubuntu.com/security/notices/USN-5310-1
https://www.openwall.com/lists/oss-security/2022/01/24/4
| | locales-all | CVE-2010-4756 | LOW | 2.31-13+deb11u2 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
| | locales-all | CVE-2018-20796 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/107160
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | locales-all | CVE-2019-1010022 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| | locales-all | CVE-2019-1010023 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109167
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| | locales-all | CVE-2019-1010024 | LOW | 2.31-13+deb11u2 | |
Expand...http://www.securityfocus.com/bid/109162
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| | locales-all | CVE-2019-1010025 | LOW | 2.31-13+deb11u2 | |
Expand...https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| | locales-all | CVE-2019-9192 | LOW | 2.31-13+deb11u2 | |
Expand...https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| | locales-all | CVE-2021-43396 | LOW | 2.31-13+deb11u2 | 2.31-13+deb11u3 |
Expand...https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396
https://sourceware.org/bugzilla/show_bug.cgi?id=28524
https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
| | login | CVE-2007-5686 | LOW | 1:4.8.1-1 | |
Expand...http://secunia.com/advisories/27215
http://www.securityfocus.com/archive/1/482129/100/100/threaded
http://www.securityfocus.com/archive/1/482857/100/0/threaded
http://www.securityfocus.com/bid/26048
http://www.vupen.com/english/advisories/2007/3474
https://issues.rpath.com/browse/RPL-1825
| | login | CVE-2013-4235 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | login | CVE-2019-19882 | LOW | 1:4.8.1-1 | |
Expand...https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/702252
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.gentoo.org/glsa/202008-09
| | mount | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | mount | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | mount | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | ncurses-base | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | ncurses-bin | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | openssl | CVE-2022-0778 | HIGH | 1.1.1k-1+deb11u1 | 1.1.1k-1+deb11u2 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9246.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://security.netapp.com/advisory/ntap-20220321-0002/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
| | openssl | CVE-2021-4160 | MEDIUM | 1.1.1k-1+deb11u1 | 1.1.1k-1+deb11u2 |
Expand...https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220128.txt
| | openssl | CVE-2007-6755 | LOW | 1.1.1k-1+deb11u1 | |
Expand...http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
| | openssl | CVE-2010-0928 | LOW | 1.1.1k-1+deb11u1 | |
Expand...http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.osvdb.org/62808
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750
| | passwd | CVE-2007-5686 | LOW | 1:4.8.1-1 | |
Expand...http://secunia.com/advisories/27215
http://www.securityfocus.com/archive/1/482129/100/100/threaded
http://www.securityfocus.com/archive/1/482857/100/0/threaded
http://www.securityfocus.com/bid/26048
http://www.vupen.com/english/advisories/2007/3474
https://issues.rpath.com/browse/RPL-1825
| | passwd | CVE-2013-4235 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | passwd | CVE-2019-19882 | LOW | 1:4.8.1-1 | |
Expand...https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/702252
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.gentoo.org/glsa/202008-09
| | perl-base | CVE-2020-16156 | HIGH | 5.32.1-4+deb11u2 | |
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
| | perl-base | CVE-2011-4116 | LOW | 5.32.1-4+deb11u2 | |
Expand...http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| | tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Expand...http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| | unzip | CVE-2022-0529 | HIGH | 6.0-26 | |
Expand...https://bugzilla.redhat.com/show_bug.cgi?id=2051395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0529
https://github.com/ByteHackr/unzip_poc
| | unzip | CVE-2022-0530 | HIGH | 6.0-26 | |
Expand...https://bugzilla.redhat.com/show_bug.cgi?id=2051395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0530
https://github.com/ByteHackr/unzip_poc
| | unzip | CVE-2021-4217 | LOW | 6.0-26 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4217
| | util-linux | CVE-2021-3995 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | util-linux | CVE-2021-3996 | MEDIUM | 2.36.1-8 | 2.36.1-8+deb11u1 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | util-linux | CVE-2022-0563 | LOW | 2.36.1-8 | |
Expand...https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
| | wget | CVE-2021-31879 | MEDIUM | 1.21-1+deb11u1 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | zip | CVE-2018-13410 | LOW | 3.0-12 | |
Expand...http://seclists.org/fulldisclosure/2018/Jul/24
| | zlib1g | CVE-2018-25032 | MEDIUM | 1:1.2.11.dfsg-2 | |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://www.openwall.com/lists/oss-security/2022/03/24/1
| **jar** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-36518 | HIGH | 2.12.5 | 2.13.2.1 |
Expand...https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
https://github.com/FasterXML/jackson-databind/issues/2816
https://github.com/advisories/GHSA-57j2-w4cx-62h2
https://nvd.nist.gov/vuln/detail/CVE-2020-36518
| | com.google.guava:guava | CVE-2020-8908 | LOW | 27.1-jre | 30.0 |
Expand...https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://security.netapp.com/advisory/ntap-20220210-0003/
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | com.thoughtworks.xstream:xstream | CVE-2021-43859 | HIGH | 1.4.18 | 1.4.19 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/09/1
https://github.com/advisories/GHSA-rmr5-cpv2-vgjf
https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
https://lists.debian.org/debian-lts-announce/2022/02/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VACQYG356OHUTD5WQGAQ4L2TTFTAV3SJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XODFRE2ZL64FICBJDOPWOLPTSSAI4U7X/
https://nvd.nist.gov/vuln/detail/CVE-2021-43859
https://x-stream.github.io/CVE-2021-43859.html
| | io.netty:netty-codec-http | CVE-2021-43797 | MEDIUM | 4.1.68.Final | 4.1.71.Final |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
https://github.com/advisories/GHSA-wx5j-54mm-rqqq
https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
https://github.com/netty/netty/pull/11891
https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
https://nvd.nist.gov/vuln/detail/CVE-2021-43797
https://security.netapp.com/advisory/ntap-20220107-0003/
| | org.apache.logging.log4j:log4j-core | CVE-2021-44832 | MEDIUM | 2.17.0 | 2.17.1, 2.12.4, 2.3.2 |
Expand...http://www.openwall.com/lists/oss-security/2021/12/28/1
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832
https://github.com/advisories/GHSA-8489-44mv-ggj8
https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16
https://issues.apache.org/jira/browse/LOG4J2-3293
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
https://security.netapp.com/advisory/ntap-20220104-0001/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://ubuntu.com/security/notices/USN-5222-1
https://www.oracle.com/security-alerts/cpujan2022.html
| | org.eclipse.californium:californium-core | CVE-2021-34433 | HIGH | 2.0.0 | 2.6.5 |
Expand...https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281
https://nvd.nist.gov/vuln/detail/CVE-2021-34433
|