--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: ntfy/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-ntfy' of Deployment 'RELEASE-NAME-ntfy' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |
Expand... Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'resources.limits.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |
Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'resources.requests.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |
Expand... When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'resources.requests.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |
Expand... Enforcing memory limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'resources.limits.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-ntfy' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-ntfy' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-ntfy' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.

Deployment 'RELEASE-NAME-ntfy' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-ntfy' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/ntfy:v1.22.0@sha256:c4750f9c3e13620cf0fa562f56feb976b4b3cb86b854f82f34c88e32c059a6c9 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-1642.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| | curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-1642.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| #### Container: tccr.io/truecharts/ntfy:v1.22.0@sha256:c4750f9c3e13620cf0fa562f56feb976b4b3cb86b854f82f34c88e32c059a6c9 (alpine 3.12.3) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Expand...https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| | apk-tools | CVE-2021-30139 | HIGH | 2.10.5-r1 | 2.10.6-r0 |
Expand...https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606
| | busybox | CVE-2022-28391 | CRITICAL | 1.31.1-r19 | 1.31.1-r22 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r19 | 1.31.1-r20 |
Expand...https://access.redhat.com/security/cve/CVE-2021-28831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://nvd.nist.gov/vuln/detail/CVE-2021-28831
https://security.gentoo.org/glsa/202105-09
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42378
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42379 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42379
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42380 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42380
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42381 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42381
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42382 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42382
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42383 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42383
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | busybox | CVE-2021-42384 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42384
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42385 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42385
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42386 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42386
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42374 | MEDIUM | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42374
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | libcrypto1.1 | CVE-2021-3711 | CRITICAL | 1.1.1i-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/security/cve/CVE-2021-3711
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://rustsec.org/advisories/RUSTSEC-2021-0097.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2021-23840 | HIGH | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23840
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-23840.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://rustsec.org/advisories/RUSTSEC-2021-0057.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libcrypto1.1 | CVE-2021-3450 | HIGH | 1.1.1i-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://access.redhat.com/security/cve/CVE-2021-3450
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3450.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://rustsec.org/advisories/RUSTSEC-2021-0056.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-08
https://www.tenable.com/security/tns-2021-09
| | libcrypto1.1 | CVE-2021-3712 | HIGH | 1.1.1i-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
https://access.redhat.com/security/cve/CVE-2021-3712
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3712
https://rustsec.org/advisories/RUSTSEC-2021-0098.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2022-0778 | HIGH | 1.1.1i-r0 | 1.1.1n-r0 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
https://access.redhat.com/security/cve/CVE-2022-0778
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9272.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | libcrypto1.1 | CVE-2021-23841 | MEDIUM | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...http://seclists.org/fulldisclosure/2021/May/67
http://seclists.org/fulldisclosure/2021/May/68
http://seclists.org/fulldisclosure/2021/May/70
https://access.redhat.com/security/cve/CVE-2021-23841
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://linux.oracle.com/cve/CVE-2021-23841.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://rustsec.org/advisories/RUSTSEC-2021-0058.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212534
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
| | libcrypto1.1 | CVE-2021-3449 | MEDIUM | 1.1.1i-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://access.redhat.com/security/cve/CVE-2021-3449
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3449.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://rustsec.org/advisories/RUSTSEC-2021-0055.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://ubuntu.com/security/notices/USN-4891-1
https://ubuntu.com/security/notices/USN-5038-1
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libcrypto1.1 | CVE-2021-23839 | LOW | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23839
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libssl1.1 | CVE-2021-3711 | CRITICAL | 1.1.1i-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/security/cve/CVE-2021-3711
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://rustsec.org/advisories/RUSTSEC-2021-0097.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2021-23840 | HIGH | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23840
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-23840.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://rustsec.org/advisories/RUSTSEC-2021-0057.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libssl1.1 | CVE-2021-3450 | HIGH | 1.1.1i-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://access.redhat.com/security/cve/CVE-2021-3450
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3450.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3450
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://rustsec.org/advisories/RUSTSEC-2021-0056.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-08
https://www.tenable.com/security/tns-2021-09
| | libssl1.1 | CVE-2021-3712 | HIGH | 1.1.1i-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
https://access.redhat.com/security/cve/CVE-2021-3712
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3712
https://rustsec.org/advisories/RUSTSEC-2021-0098.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1i-r0 | 1.1.1n-r0 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
https://access.redhat.com/security/cve/CVE-2022-0778
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9272.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | libssl1.1 | CVE-2021-23841 | MEDIUM | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...http://seclists.org/fulldisclosure/2021/May/67
http://seclists.org/fulldisclosure/2021/May/68
http://seclists.org/fulldisclosure/2021/May/70
https://access.redhat.com/security/cve/CVE-2021-23841
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://linux.oracle.com/cve/CVE-2021-23841.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://rustsec.org/advisories/RUSTSEC-2021-0058.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212534
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
| | libssl1.1 | CVE-2021-3449 | MEDIUM | 1.1.1i-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://access.redhat.com/security/cve/CVE-2021-3449
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3449.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://rustsec.org/advisories/RUSTSEC-2021-0055.html
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://ubuntu.com/security/notices/USN-4891-1
https://ubuntu.com/security/notices/USN-5038-1
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libssl1.1 | CVE-2021-23839 | LOW | 1.1.1i-r0 | 1.1.1j-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23839
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | ssl_client | CVE-2022-28391 | CRITICAL | 1.31.1-r19 | 1.31.1-r22 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | ssl_client | CVE-2021-28831 | HIGH | 1.31.1-r19 | 1.31.1-r20 |
Expand...https://access.redhat.com/security/cve/CVE-2021-28831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://nvd.nist.gov/vuln/detail/CVE-2021-28831
https://security.gentoo.org/glsa/202105-09
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42378 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42378
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42379 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42379
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42380 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42380
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42381 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42381
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42382 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42382
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42383 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42383
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42384 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42384
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42385
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42386
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r19 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42374
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-1642.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
|