--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: pixapop/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv001
| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/misconfig/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/misconfig/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/misconfig/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/misconfig/ksv014
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/misconfig/ksv017
| | Kubernetes Security Check | KSV020 | Runs with low user ID | LOW |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | LOW |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | LOW |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-pixapop' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | LOW |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-pixapop' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv021
| | Kubernetes Security Check | KSV030 | Default Seccomp profile not set | LOW |
Expand... The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.

Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv030
| | Kubernetes Security Check | KSV030 | Default Seccomp profile not set | LOW |
Expand... The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.

Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv030
| | Kubernetes Security Check | KSV105 | Containers must not set runAsUser to 0 | LOW |
Expand... Containers should be forbidden from running with a root UID.

securityContext.runAsUser should be set to a value greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv105
| | Kubernetes Security Check | KSV105 | Containers must not set runAsUser to 0 | LOW |
Expand... Containers should be forbidden from running with a root UID.

securityContext.runAsUser should be set to a value greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv105
| | Kubernetes Security Check | KSV106 | Container capabilities must only include NET_BIND_SERVICE | LOW |
Expand... Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.

container should drop all
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv106
| | Kubernetes Security Check | KSV106 | Container capabilities must only include NET_BIND_SERVICE | LOW |
Expand... Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.

container should drop all
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv106
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.16.0@sha256:16dc15f3d61a1e30b1df9f839e53636847b6097286b2b74c637b25fd8264f730 tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.16.0@sha256:16dc15f3d61a1e30b1df9f839e53636847b6097286b2b74c637b25fd8264f730 (alpine 3.16.0) **alpine** | No Vulnerabilities found | |:---------------------------------| #### Container: tccr.io/truecharts/pixapop:v1.2-ls15@sha256:6a05383524fcd51b0b692d508dd16ed6948337aa272677e01baa6d8ba119c070 (alpine 3.12) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apache2-utils | CVE-2021-26691 | CRITICAL | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/7
https://access.redhat.com/security/cve/CVE-2021-26691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
https://linux.oracle.com/cve/CVE-2021-26691.html
https://linux.oracle.com/errata/ELSA-2022-0143.html
https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-26691
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apache2-utils | CVE-2021-39275 | CRITICAL | 2.4.46-r1 | 2.4.49-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-39275
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
https://linux.oracle.com/cve/CVE-2021-39275.html
https://linux.oracle.com/errata/ELSA-2022-9005.html
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-39275
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://ubuntu.com/security/notices/USN-5090-2
https://www.debian.org/security/2021/dsa-4982
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | apache2-utils | CVE-2021-40438 | CRITICAL | 2.4.46-r1 | 2.4.49-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-40438
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
https://linux.oracle.com/cve/CVE-2021-40438.html
https://linux.oracle.com/errata/ELSA-2021-3856.html
https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-40438
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://ubuntu.com/security/notices/USN-5090-2
https://ubuntu.com/security/notices/USN-5090-2 (regression update esm)
https://ubuntu.com/security/notices/USN-5090-3 (regression update)
https://www.debian.org/security/2021/dsa-4982
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2021-17
| | apache2-utils | CVE-2021-42013 | CRITICAL | 2.4.46-r1 | 2.4.51-r0 |
Expand...http://jvn.jp/en/jp/JVN51106450/index.html
http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2021/10/07/6
http://www.openwall.com/lists/oss-security/2021/10/08/1
http://www.openwall.com/lists/oss-security/2021/10/08/2
http://www.openwall.com/lists/oss-security/2021/10/08/3
http://www.openwall.com/lists/oss-security/2021/10/08/4
http://www.openwall.com/lists/oss-security/2021/10/08/5
http://www.openwall.com/lists/oss-security/2021/10/08/6
http://www.openwall.com/lists/oss-security/2021/10/09/1
http://www.openwall.com/lists/oss-security/2021/10/11/4
http://www.openwall.com/lists/oss-security/2021/10/15/3
http://www.openwall.com/lists/oss-security/2021/10/16/1
https://access.redhat.com/security/cve/CVE-2021-42013
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
https://security.netapp.com/advisory/ntap-20211029-0009/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.povilaika.com/apache-2-4-50-exploit/
| | apache2-utils | CVE-2021-44790 | CRITICAL | 2.4.46-r1 | 2.4.52-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2021/12/20/4
https://access.redhat.com/security/cve/CVE-2021-44790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
https://httpd.apache.org/security/vulnerabilities_24.html
https://linux.oracle.com/cve/CVE-2021-44790.html
https://linux.oracle.com/errata/ELSA-2022-0258.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2021-44790
https://security.netapp.com/advisory/ntap-20211224-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5212-1
https://ubuntu.com/security/notices/USN-5212-2
https://www.debian.org/security/2022/dsa-5035
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2022-01
https://www.tenable.com/security/tns-2022-03
| | apache2-utils | CVE-2022-22720 | CRITICAL | 2.4.46-r1 | 2.4.53-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/14/3
https://access.redhat.com/security/cve/CVE-2022-22720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
https://linux.oracle.com/cve/CVE-2022-22720.html
https://linux.oracle.com/errata/ELSA-2022-9257.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2022-22720
https://security.netapp.com/advisory/ntap-20220321-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5333-1
https://ubuntu.com/security/notices/USN-5333-2
https://www.oracle.com/security-alerts/cpuapr2022.html
| | apache2-utils | CVE-2022-22721 | CRITICAL | 2.4.46-r1 | 2.4.53-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/14/2
https://access.redhat.com/security/cve/CVE-2022-22721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2022-22721
https://security.netapp.com/advisory/ntap-20220321-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5333-1
https://ubuntu.com/security/notices/USN-5333-2
https://www.oracle.com/security-alerts/cpuapr2022.html
| | apache2-utils | CVE-2022-23943 | CRITICAL | 2.4.46-r1 | 2.4.53-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/14/1
https://access.redhat.com/security/cve/CVE-2022-23943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2022-23943
https://security.netapp.com/advisory/ntap-20220321-0001/
https://ubuntu.com/security/notices/USN-5333-1
https://ubuntu.com/security/notices/USN-5333-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | apache2-utils | CVE-2019-17657 | HIGH | 2.4.46-r1 | 2.4.48-r0 |
Expand...https://fortiguard.com/psirt/FG-IR-19-013
| | apache2-utils | CVE-2020-13950 | HIGH | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/4
https://access.redhat.com/security/cve/CVE-2020-13950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
https://linux.oracle.com/cve/CVE-2020-13950.html
https://linux.oracle.com/errata/ELSA-2022-5163.html
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2020-13950
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apache2-utils | CVE-2020-35452 | HIGH | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/5
https://access.redhat.com/security/cve/CVE-2020-35452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
https://errata.almalinux.org/8/ALSA-2022-1915.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
https://linux.oracle.com/cve/CVE-2020-35452.html
https://linux.oracle.com/errata/ELSA-2022-1915.html
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2020-35452
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apache2-utils | CVE-2021-26690 | HIGH | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/6
https://access.redhat.com/security/cve/CVE-2021-26690
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
https://linux.oracle.com/cve/CVE-2021-26690.html
https://linux.oracle.com/errata/ELSA-2021-9545.html
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-26690
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apache2-utils | CVE-2021-31618 | HIGH | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/9
https://access.redhat.com/security/cve/CVE-2021-31618
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1@%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/
https://seclists.org/oss-sec/2021/q2/206
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210727-0008/
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apache2-utils | CVE-2021-33193 | HIGH | 2.4.46-r1 | 2.4.49-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-33193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
https://errata.almalinux.org/8/ALSA-2022-1915.html
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch
https://linux.oracle.com/cve/CVE-2021-33193.html
https://linux.oracle.com/errata/ELSA-2022-9276.html
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://nvd.nist.gov/vuln/detail/CVE-2021-33193
https://portswigger.net/research/http2
https://security.netapp.com/advisory/ntap-20210917-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2021-17
| | apache2-utils | CVE-2021-34798 | HIGH | 2.4.46-r1 | 2.4.49-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
https://access.redhat.com/security/cve/CVE-2021-34798
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://linux.oracle.com/cve/CVE-2021-34798.html
https://linux.oracle.com/errata/ELSA-2022-9005.html
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-34798
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://ubuntu.com/security/notices/USN-5090-2
https://www.debian.org/security/2021/dsa-4982
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2021-17
| | apache2-utils | CVE-2021-36160 | HIGH | 2.4.46-r1 | 2.4.49-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
https://access.redhat.com/security/cve/CVE-2021-36160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
https://errata.almalinux.org/8/ALSA-2022-1915.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
https://linux.oracle.com/cve/CVE-2021-36160.html
https://linux.oracle.com/errata/ELSA-2022-1915.html
https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-36160
https://security.netapp.com/advisory/ntap-20211008-0004/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
https://ubuntu.com/security/notices/USN-5090-1
https://www.debian.org/security/2021/dsa-4982
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | apache2-utils | CVE-2021-41524 | HIGH | 2.4.46-r1 | 2.4.50-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/05/1
https://access.redhat.com/security/cve/CVE-2021-41524
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/
https://nvd.nist.gov/vuln/detail/CVE-2021-41524
https://security.netapp.com/advisory/ntap-20211029-0009/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
https://www.oracle.com/security-alerts/cpujan2022.html
| | apache2-utils | CVE-2021-41773 | HIGH | 2.4.46-r1 | 2.4.50-r0 |
Expand...http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2021/10/05/2
http://www.openwall.com/lists/oss-security/2021/10/07/1
http://www.openwall.com/lists/oss-security/2021/10/07/6
http://www.openwall.com/lists/oss-security/2021/10/08/1
http://www.openwall.com/lists/oss-security/2021/10/08/2
http://www.openwall.com/lists/oss-security/2021/10/08/3
http://www.openwall.com/lists/oss-security/2021/10/08/4
http://www.openwall.com/lists/oss-security/2021/10/08/5
http://www.openwall.com/lists/oss-security/2021/10/08/6
http://www.openwall.com/lists/oss-security/2021/10/09/1
http://www.openwall.com/lists/oss-security/2021/10/11/4
http://www.openwall.com/lists/oss-security/2021/10/15/3
http://www.openwall.com/lists/oss-security/2021/10/16/1
https://access.redhat.com/security/cve/CVE-2021-41773
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
https://nvd.nist.gov/vuln/detail/CVE-2021-41773
https://security.netapp.com/advisory/ntap-20211029-0009/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
https://www.oracle.com/security-alerts/cpujan2022.html
| | apache2-utils | CVE-2021-44224 | HIGH | 2.4.46-r1 | 2.4.52-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2021/12/20/3
https://access.redhat.com/security/cve/CVE-2021-44224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
https://errata.almalinux.org/8/ALSA-2022-1915.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://linux.oracle.com/cve/CVE-2021-44224.html
https://linux.oracle.com/errata/ELSA-2022-1915.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2021-44224
https://security.netapp.com/advisory/ntap-20211224-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5212-1
https://ubuntu.com/security/notices/USN-5212-2
https://www.debian.org/security/2022/dsa-5035
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2022-01
https://www.tenable.com/security/tns-2022-03
| | apache2-utils | CVE-2022-22719 | HIGH | 2.4.46-r1 | 2.4.53-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/14/4
https://access.redhat.com/security/cve/CVE-2022-22719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://nvd.nist.gov/vuln/detail/CVE-2022-22719
https://security.netapp.com/advisory/ntap-20220321-0001/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5333-1
https://ubuntu.com/security/notices/USN-5333-2
https://www.oracle.com/security-alerts/cpuapr2022.html
| | apache2-utils | CVE-2020-13938 | MEDIUM | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/3
https://access.redhat.com/security/cve/CVE-2020-13938
https://kc.mcafee.com/corporate/index?page=content&id=SB10379
https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://security.netapp.com/advisory/ntap-20210702-0001/
| | apache2-utils | CVE-2021-30641 | MEDIUM | 2.4.46-r1 | 2.4.48-r0 |
Expand...http://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2021/06/10/8
https://access.redhat.com/security/cve/CVE-2021-30641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
https://linux.oracle.com/cve/CVE-2021-30641.html
https://linux.oracle.com/errata/ELSA-2021-4257.html
https://lists.apache.org/thread.html/r2b4773944d83d2799de9fbaeee7fe0f3fd72669467787e02f434cb10@%3Cannounce.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
https://nvd.nist.gov/vuln/detail/CVE-2021-30641
https://security.gentoo.org/glsa/202107-38
https://security.netapp.com/advisory/ntap-20210702-0001/
https://ubuntu.com/security/notices/USN-4994-1
https://ubuntu.com/security/notices/USN-4994-2
https://www.debian.org/security/2021/dsa-4937
https://www.oracle.com/security-alerts/cpuoct2021.html
| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.6-r0 | 2.10.7-r0 |
Expand...https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| | avahi-libs | CVE-2021-3468 | MEDIUM | 0.8-r0 | 0.8-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3468
https://bugzilla.redhat.com/show_bug.cgi?id=1939614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3468
https://ubuntu.com/security/notices/USN-5008-1
https://ubuntu.com/security/notices/USN-5008-2
| | busybox | CVE-2022-28391 | CRITICAL | 1.31.1-r20 | 1.31.1-r22 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42378
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42379 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42379
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42380 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42380
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42381 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42381
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42382 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42382
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42383 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42383
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | busybox | CVE-2021-42384 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42384
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42385 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42385
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42386
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42374
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | cairo | CVE-2019-6462 | MEDIUM | 1.16.0-r3 | 1.16.0-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2019-6462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462
https://github.com/TeamSeri0us/pocs/tree/master/gerbv
https://gitlab.freedesktop.org/cairo/cairo/issues/353
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-6462
https://ubuntu.com/security/notices/USN-5407-1
| | cairo-gobject | CVE-2019-6462 | MEDIUM | 1.16.0-r3 | 1.16.0-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2019-6462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462
https://github.com/TeamSeri0us/pocs/tree/master/gerbv
https://gitlab.freedesktop.org/cairo/cairo/issues/353
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-6462
https://ubuntu.com/security/notices/USN-5407-1
| | expat | CVE-2022-22822 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22822
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22822.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22822
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-22823 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22823
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22823.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22823
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-22824 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22824
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22824.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22824
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-23852 | CRITICAL | 2.2.9-r1 | 2.2.10-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-23852
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23852
https://github.com/libexpat/libexpat/pull/550
https://linux.oracle.com/cve/CVE-2022-23852.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://nvd.nist.gov/vuln/detail/CVE-2022-23852
https://security.netapp.com/advisory/ntap-20220217-0001/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-23990 | CRITICAL | 2.2.9-r1 | 2.2.10-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-23990
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
https://github.com/libexpat/libexpat/pull/551
https://linux.oracle.com/cve/CVE-2022-23990.html
https://linux.oracle.com/errata/ELSA-2022-9232.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/
https://nvd.nist.gov/vuln/detail/CVE-2022-23990
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-25235 | CRITICAL | 2.2.9-r1 | 2.2.10-r2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://access.redhat.com/security/cve/CVE-2022-25235
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25235
https://github.com/libexpat/libexpat/pull/562
https://github.com/libexpat/libexpat/pull/562/commits/367ae600b48d74261bbc339b17e9318424049791 (fix)
https://github.com/libexpat/libexpat/pull/562/commits/97cfdc3fa7dca759880d81e371901f4620279106 (tests)
https://linux.oracle.com/cve/CVE-2022-25235.html
https://linux.oracle.com/errata/ELSA-2022-9359.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://nvd.nist.gov/vuln/detail/CVE-2022-25235
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
| | expat | CVE-2022-25236 | CRITICAL | 2.2.9-r1 | 2.2.10-r2 |
Expand...http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
https://access.redhat.com/security/cve/CVE-2022-25236
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
https://github.com/libexpat/libexpat/pull/561
https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)
https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)
https://github.com/libexpat/libexpat/pull/577
https://linux.oracle.com/cve/CVE-2022-25236.html
https://linux.oracle.com/errata/ELSA-2022-9359.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://nvd.nist.gov/vuln/detail/CVE-2022-25236
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
| | expat | CVE-2022-25315 | CRITICAL | 2.2.9-r1 | 2.2.10-r2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://access.redhat.com/security/cve/CVE-2022-25315
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315
https://github.com/libexpat/libexpat/pull/559
https://linux.oracle.com/cve/CVE-2022-25315.html
https://linux.oracle.com/errata/ELSA-2022-9359.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://nvd.nist.gov/vuln/detail/CVE-2022-25315
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
| | expat | CVE-2021-45960 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2021-45960
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
https://github.com/libexpat/libexpat/issues/531
https://github.com/libexpat/libexpat/pull/534
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea
https://linux.oracle.com/cve/CVE-2021-45960.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2021-45960
https://security.netapp.com/advisory/ntap-20220121-0004/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2021-46143 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2021-46143
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
https://linux.oracle.com/cve/CVE-2021-46143.html
https://linux.oracle.com/errata/ELSA-2022-9227.html
https://nvd.nist.gov/vuln/detail/CVE-2021-46143
https://security.netapp.com/advisory/ntap-20220121-0006/
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-22825 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22825
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22825.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22825
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-22826 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22826
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22826.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22826
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-22827 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://access.redhat.com/security/cve/CVE-2022-22827
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
https://github.com/libexpat/libexpat/pull/539
https://linux.oracle.com/cve/CVE-2022-22827.html
https://linux.oracle.com/errata/ELSA-2022-1069.html
https://nvd.nist.gov/vuln/detail/CVE-2022-22827
https://ubuntu.com/security/notices/USN-5288-1
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
| | expat | CVE-2022-25314 | HIGH | 2.2.9-r1 | 2.2.10-r2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://access.redhat.com/security/cve/CVE-2022-25314
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314
https://github.com/libexpat/libexpat/pull/560
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://nvd.nist.gov/vuln/detail/CVE-2022-25314
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
| | expat | CVE-2022-25313 | MEDIUM | 2.2.9-r1 | 2.2.10-r2 |
Expand...http://www.openwall.com/lists/oss-security/2022/02/19/1
https://access.redhat.com/security/cve/CVE-2022-25313
https://blog.hartwork.org/posts/expat-2-4-5-released/
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313
https://github.com/libexpat/libexpat/pull/558
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://nvd.nist.gov/vuln/detail/CVE-2022-25313
https://security.netapp.com/advisory/ntap-20220303-0008/
https://ubuntu.com/security/notices/USN-5320-1
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
| | freetype | CVE-2022-27404 | CRITICAL | 2.10.4-r0 | 2.10.4-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
| | freetype | CVE-2022-27405 | HIGH | 2.10.4-r0 | 2.10.4-r2 |
Expand...http://freetype.com
https://access.redhat.com/security/cve/CVE-2022-27405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405
https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27405
| | freetype | CVE-2022-27406 | HIGH | 2.10.4-r0 | 2.10.4-r2 |
Expand...http://freetype.com
https://access.redhat.com/security/cve/CVE-2022-27406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406
https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://ubuntu.com/security/notices/USN-5453-1
| | gdk-pixbuf | CVE-2020-29385 | MEDIUM | 2.40.0-r3 | 2.40.0-r4 |
Expand...https://access.redhat.com/security/cve/CVE-2020-29385
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29385
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/blob/master/NEWS
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML/
https://mail.gnome.org/archives/distributor-list/2020-December/msg00000.html
https://security.gentoo.org/glsa/202012-15
https://ubuntu.com/security/CVE-2020-29385
https://ubuntu.com/security/notices/USN-4663-1
| | ghostscript | CVE-2020-15900 | CRITICAL | 9.52-r0 | 9.52-r1 |
Expand...http://git.ghostscript.com/?p=ghostpdl.git;a=log
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html
https://access.redhat.com/security/cve/CVE-2020-15900
https://artifex.com/security-advisories/CVE-2020-15900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15900
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b
https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c
https://security.gentoo.org/glsa/202008-20
https://ubuntu.com/security/notices/USN-4445-1
https://usn.ubuntu.com/4445-1/
| | git | CVE-2021-40330 | HIGH | 2.26.3-r0 | 2.26.3-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-40330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40330
https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
https://github.com/git/git/compare/v2.30.0...v2.30.1
https://nvd.nist.gov/vuln/detail/CVE-2021-40330
https://ubuntu.com/security/notices/USN-5076-1
| | gmp | CVE-2021-43618 | HIGH | 6.2.0-r0 | 6.2.1-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-43618
https://bugs.debian.org/994405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43618
| | libblkid | CVE-2021-3995 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libblkid | CVE-2021-3996 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libblkid | CVE-2022-0563 | MEDIUM | 2.35.2-r0 | 2.37.4-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| | libcrypto1.1 | CVE-2021-3711 | CRITICAL | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/security/cve/CVE-2021-3711
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://rustsec.org/advisories/RUSTSEC-2021-0097.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2021-3712 | HIGH | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
https://access.redhat.com/security/cve/CVE-2021-3712
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3712
https://rustsec.org/advisories/RUSTSEC-2021-0098.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2022-0778 | HIGH | 1.1.1k-r0 | 1.1.1n-r0 |
Expand...http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
https://access.redhat.com/security/cve/CVE-2022-0778
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://errata.almalinux.org/8/ALSA-2022-1065.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9272.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | libcurl | CVE-2021-22945 | CRITICAL | 7.76.1-r0 | 7.79.0-r0 |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22945
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22901 | HIGH | 7.76.1-r0 | 7.77.0-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-22901
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://curl.se/docs/CVE-2021-22901.html
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
https://hackerone.com/reports/1180380
https://nvd.nist.gov/vuln/detail/CVE-2021-22901
https://security.netapp.com/advisory/ntap-20210723-0001/
https://security.netapp.com/advisory/ntap-20210727-0007/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | libcurl | CVE-2021-22946 | HIGH | 7.76.1-r0 | 7.79.0-r0 |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json
https://access.redhat.com/security/cve/CVE-2021-22946
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2022-22576 | HIGH | 7.76.1-r0 | 7.79.1-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27775 | HIGH | 7.76.1-r0 | 7.79.1-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2021-22922 | MEDIUM | 7.76.1-r0 | 7.78.0-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-22922
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22923 | MEDIUM | 7.76.1-r0 | 7.78.0-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-22923
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22925 | MEDIUM | 7.76.1-r0 | 7.78.0-r0 |
Expand...http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/40
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json
https://access.redhat.com/security/cve/CVE-2021-22925
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://curl.se/docs/CVE-2021-22925.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
https://errata.almalinux.org/8/ALSA-2021-4511.html
https://hackerone.com/reports/1223882
https://linux.oracle.com/cve/CVE-2021-22925.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22925
https://security.netapp.com/advisory/ntap-20210902-0003/
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22947 | MEDIUM | 7.76.1-r0 | 7.79.0-r0 |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json
https://access.redhat.com/security/cve/CVE-2021-22947
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2022-27774 | MEDIUM | 7.76.1-r0 | 7.79.1-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2022-27776 | MEDIUM | 7.76.1-r0 | 7.79.1-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| | libcurl | CVE-2021-22898 | LOW | 7.76.1-r0 | 7.77.0-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://access.redhat.com/security/cve/CVE-2021-22898
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://errata.almalinux.org/8/ALSA-2021-4511.html
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://nvd.nist.gov/vuln/detail/CVE-2021-22898
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | libcurl | CVE-2021-22924 | LOW | 7.76.1-r0 | 7.78.0-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-22924
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22924
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libmount | CVE-2021-3995 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libmount | CVE-2021-3996 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libmount | CVE-2022-0563 | MEDIUM | 2.35.2-r0 | 2.37.4-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| | libssl1.1 | CVE-2021-3711 | CRITICAL | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/security/cve/CVE-2021-3711
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://rustsec.org/advisories/RUSTSEC-2021-0097.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2021-3712 | HIGH | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
https://access.redhat.com/security/cve/CVE-2021-3712
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3712
https://rustsec.org/advisories/RUSTSEC-2021-0098.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1k-r0 | 1.1.1n-r0 |
Expand...http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
https://access.redhat.com/security/cve/CVE-2022-0778
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://errata.almalinux.org/8/ALSA-2022-1065.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9272.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | libuuid | CVE-2021-3995 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libuuid | CVE-2021-3996 | MEDIUM | 2.35.2-r0 | 2.37.3-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
| | libuuid | CVE-2022-0563 | MEDIUM | 2.35.2-r0 | 2.37.4-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| | libx11 | CVE-2021-31535 | CRITICAL | 1.6.12-r0 | 1.6.12-r1 |
Expand...http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html
http://seclists.org/fulldisclosure/2021/May/52
http://www.openwall.com/lists/oss-security/2021/05/18/2
https://access.redhat.com/security/cve/CVE-2021-31535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31535
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
https://linux.oracle.com/cve/CVE-2021-31535.html
https://linux.oracle.com/errata/ELSA-2021-4326.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/
https://lists.freedesktop.org/archives/xorg/
https://lists.x.org/archives/xorg-announce/2021-May/003088.html
https://security.gentoo.org/glsa/202105-16
https://security.netapp.com/advisory/ntap-20210813-0001/
https://ubuntu.com/security/notices/USN-4966-1
https://ubuntu.com/security/notices/USN-4966-2
https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
https://www.debian.org/security/2021/dsa-4920
https://www.openwall.com/lists/oss-security/2021/05/18/2
https://www.openwall.com/lists/oss-security/2021/05/18/3
| | libxml2 | CVE-2021-3517 | HIGH | 2.9.10-r5 | 2.9.10-r6 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
https://access.redhat.com/security/cve/CVE-2021-3517
https://bugzilla.redhat.com/show_bug.cgi?id=1954232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
https://linux.oracle.com/cve/CVE-2021-3517.html
https://linux.oracle.com/errata/ELSA-2021-2569.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://nvd.nist.gov/vuln/detail/CVE-2021-3517
https://security.gentoo.org/glsa/202107-05
https://security.netapp.com/advisory/ntap-20210625-0002/
https://security.netapp.com/advisory/ntap-20211022-0004/
https://ubuntu.com/security/notices/USN-4991-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libxml2 | CVE-2021-3518 | HIGH | 2.9.10-r5 | 2.9.10-r6 |
Expand...http://seclists.org/fulldisclosure/2021/Jul/54
http://seclists.org/fulldisclosure/2021/Jul/55
http://seclists.org/fulldisclosure/2021/Jul/58
http://seclists.org/fulldisclosure/2021/Jul/59
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
https://access.redhat.com/security/cve/CVE-2021-3518
https://bugzilla.redhat.com/show_bug.cgi?id=1954242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
https://linux.oracle.com/cve/CVE-2021-3518.html
https://linux.oracle.com/errata/ELSA-2021-2569.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://nvd.nist.gov/vuln/detail/CVE-2021-3518
https://security.gentoo.org/glsa/202107-05
https://security.netapp.com/advisory/ntap-20210625-0002/
https://support.apple.com/kb/HT212601
https://support.apple.com/kb/HT212602
https://support.apple.com/kb/HT212604
https://support.apple.com/kb/HT212605
https://ubuntu.com/security/notices/USN-4991-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libxml2 | CVE-2022-23308 | HIGH | 2.9.10-r5 | 2.9.13-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/34
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/36
http://seclists.org/fulldisclosure/2022/May/37
http://seclists.org/fulldisclosure/2022/May/38
https://access.redhat.com/security/cve/CVE-2022-23308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
https://linux.oracle.com/cve/CVE-2022-23308.html
https://linux.oracle.com/errata/ELSA-2022-0899.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
https://nvd.nist.gov/vuln/detail/CVE-2022-23308
https://security.netapp.com/advisory/ntap-20220331-0008/
https://support.apple.com/kb/HT213253
https://support.apple.com/kb/HT213254
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213258
https://ubuntu.com/security/notices/USN-5324-1
https://ubuntu.com/security/notices/USN-5422-1
| | libxml2 | CVE-2021-3537 | MEDIUM | 2.9.10-r5 | 2.9.10-r6 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
https://access.redhat.com/security/cve/CVE-2021-3537
https://bugzilla.redhat.com/show_bug.cgi?id=1956522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
https://linux.oracle.com/cve/CVE-2021-3537.html
https://linux.oracle.com/errata/ELSA-2021-2569.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
https://nvd.nist.gov/vuln/detail/CVE-2021-3537
https://security.gentoo.org/glsa/202107-05
https://security.netapp.com/advisory/ntap-20210625-0002/
https://ubuntu.com/security/notices/USN-4991-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libxml2 | CVE-2021-3541 | MEDIUM | 2.9.10-r5 | 2.9.12-r0 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
https://access.redhat.com/security/cve/CVE-2021-3541
https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/
https://bugzilla.redhat.com/show_bug.cgi?id=1950515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
https://linux.oracle.com/cve/CVE-2021-3541.html
https://linux.oracle.com/errata/ELSA-2021-2569.html
https://security.netapp.com/advisory/ntap-20210805-0007/
https://ubuntu.com/security/notices/USN-4991-1
https://www.oracle.com/security-alerts/cpujan2022.html
| | libxml2 | CVE-2022-29824 | MEDIUM | 2.9.10-r5 | 2.9.14-r0 |
Expand...http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
https://access.redhat.com/security/cve/CVE-2022-29824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
https://gitlab.gnome.org/GNOME/libxslt/-/tags
https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/
https://nvd.nist.gov/vuln/detail/CVE-2022-29824
https://ubuntu.com/security/notices/USN-5422-1
https://www.debian.org/security/2022/dsa-5142
| | ncurses-libs | CVE-2021-39537 | HIGH | 6.2_p20200523-r0 | 6.2_p20200523-r1 |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | ncurses-terminfo-base | CVE-2021-39537 | HIGH | 6.2_p20200523-r0 | 6.2_p20200523-r1 |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | nettle | CVE-2021-3580 | HIGH | 3.5.1-r1 | 3.5.1-r2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3580
https://bugzilla.redhat.com/show_bug.cgi?id=1967983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580
https://linux.oracle.com/cve/CVE-2021-3580.html
https://linux.oracle.com/errata/ELSA-2022-9221.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3580
https://security.netapp.com/advisory/ntap-20211104-0006/
https://ubuntu.com/security/notices/USN-4990-1
| | nginx | CVE-2021-23017 | CRITICAL | 1.18.0-r1 | 1.18.0-r2 |
Expand...http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://access.redhat.com/security/cve/CVE-2021-23017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
https://linux.oracle.com/cve/CVE-2021-23017.html
https://linux.oracle.com/errata/ELSA-2022-0323.html
https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
https://nvd.nist.gov/vuln/detail/CVE-2021-23017
https://security.netapp.com/advisory/ntap-20210708-0006/
https://support.f5.com/csp/article/K12331123,
https://ubuntu.com/security/notices/USN-4967-1
https://ubuntu.com/security/notices/USN-4967-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
| | openssl | CVE-2021-3711 | CRITICAL | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/security/cve/CVE-2021-3711
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://rustsec.org/advisories/RUSTSEC-2021-0097.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | openssl | CVE-2021-3712 | HIGH | 1.1.1k-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
https://access.redhat.com/security/cve/CVE-2021-3712
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3712
https://rustsec.org/advisories/RUSTSEC-2021-0098.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | openssl | CVE-2022-0778 | HIGH | 1.1.1k-r0 | 1.1.1n-r0 |
Expand...http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
https://access.redhat.com/security/cve/CVE-2022-0778
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
https://crates.io/crates/openssl-src
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://errata.almalinux.org/8/ALSA-2022-1065.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://linux.oracle.com/cve/CVE-2022-0778.html
https://linux.oracle.com/errata/ELSA-2022-9272.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://rustsec.org/advisories/RUSTSEC-2022-0014.html
https://security.netapp.com/advisory/ntap-20220321-0002/
https://security.netapp.com/advisory/ntap-20220429-0005/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5328-1
https://ubuntu.com/security/notices/USN-5328-2
https://www.debian.org/security/2022/dsa-5103
https://www.openssl.org/news/secadv/20220315.txt
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
| | php7 | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7 | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7 | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7 | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-common | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-common | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-common | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-common | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-ctype | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-ctype | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-ctype | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-ctype | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-curl | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-curl | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-curl | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-curl | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-dom | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-dom | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-dom | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-dom | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-exif | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-exif | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-exif | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-exif | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-fileinfo | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-fileinfo | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-fileinfo | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-fileinfo | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-fpm | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-fpm | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-fpm | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-fpm | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-iconv | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-iconv | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-iconv | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-iconv | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-intl | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-intl | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-intl | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-intl | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-json | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-json | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-json | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-json | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-mbstring | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-mbstring | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-mbstring | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-mbstring | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-openssl | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-openssl | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-openssl | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-openssl | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-phar | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-phar | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-phar | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-phar | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-session | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-session | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-session | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-session | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-simplexml | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-simplexml | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-simplexml | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-simplexml | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-xml | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-xml | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-xml | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-xml | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | php7-xmlwriter | CVE-2021-21703 | HIGH | 7.3.27-r0 | 7.3.32-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/10/26/7
https://access.redhat.com/security/cve/CVE-2021-21703
https://bugs.php.net/bug.php?id=81026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
https://linux.oracle.com/cve/CVE-2021-21703.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://nvd.nist.gov/vuln/detail/CVE-2021-21703
https://security.netapp.com/advisory/ntap-20211118-0003/
https://ubuntu.com/security/notices/USN-5125-1
https://www.ambionics.io/blog/php-fpm-local-root
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-xmlwriter | CVE-2021-21705 | MEDIUM | 7.3.27-r0 | 7.3.29-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21705
https://bugs.php.net/bug.php?id=81122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705
https://errata.almalinux.org/8/ALSA-2022-1935.html
https://linux.oracle.com/cve/CVE-2021-21705.html
https://linux.oracle.com/errata/ELSA-2022-1935.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://security.netapp.com/advisory/ntap-20211029-0006/
https://ubuntu.com/security/notices/USN-5006-1
https://ubuntu.com/security/notices/USN-5006-2
https://www.oracle.com/security-alerts/cpujan2022.html
| | php7-xmlwriter | CVE-2021-21706 | MEDIUM | 7.3.27-r0 | 7.3.31-r0 |
Expand...https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/
| | php7-xmlwriter | CVE-2021-21707 | MEDIUM | 7.3.27-r0 | 7.3.33-r0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-21707
https://bugs.php.net/bug.php?id=79971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21707
https://nvd.nist.gov/vuln/detail/CVE-2021-21707
https://security.netapp.com/advisory/ntap-20211223-0005/
https://ubuntu.com/security/notices/USN-5300-1
https://ubuntu.com/security/notices/USN-5300-2
https://ubuntu.com/security/notices/USN-5300-3
https://www.debian.org/security/2022/dsa-5082
https://www.tenable.com/security/tns-2022-09
| | ssl_client | CVE-2022-28391 | CRITICAL | 1.31.1-r20 | 1.31.1-r22 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| | ssl_client | CVE-2021-42378 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42378
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42379 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42379
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42380 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42380
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42381 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42381
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42382 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42382
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42383 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42383
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42384 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42384
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42385
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42386
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r20 | 1.31.1-r21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-42374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://nvd.nist.gov/vuln/detail/CVE-2021-42374
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | xz | CVE-2022-1271 | HIGH | 5.2.5-r0 | 5.2.5-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://errata.almalinux.org/8/ALSA-2022-1537.html
https://linux.oracle.com/cve/CVE-2022-1271.html
https://linux.oracle.com/errata/ELSA-2022-5052.html
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://ubuntu.com/security/notices/USN-5378-1
https://ubuntu.com/security/notices/USN-5378-2
https://ubuntu.com/security/notices/USN-5378-3
https://ubuntu.com/security/notices/USN-5378-4
https://www.openwall.com/lists/oss-security/2022/04/07/8
| | xz-libs | CVE-2022-1271 | HIGH | 5.2.5-r0 | 5.2.5-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://errata.almalinux.org/8/ALSA-2022-1537.html
https://linux.oracle.com/cve/CVE-2022-1271.html
https://linux.oracle.com/errata/ELSA-2022-5052.html
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://ubuntu.com/security/notices/USN-5378-1
https://ubuntu.com/security/notices/USN-5378-2
https://ubuntu.com/security/notices/USN-5378-3
https://ubuntu.com/security/notices/USN-5378-4
https://www.openwall.com/lists/oss-security/2022/04/07/8
| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://ubuntu.com/security/notices/USN-5359-2
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | acorn | GHSA-6chw-6frg-f759 | HIGH | 6.1.1 | 5.7.4, 7.1.1, 6.4.1 |
Expand...https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488
| | ajv | CVE-2020-15366 | MEDIUM | 6.10.0 | 6.12.3 |
Expand...https://access.redhat.com/security/cve/CVE-2020-15366
https://errata.almalinux.org/8/ALSA-2021-0551.html
https://github.com/advisories/GHSA-v88g-cgmw-v5xw
https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
https://github.com/ajv-validator/ajv/tags
https://hackerone.com/bugs?subject=user&report_id=894259
https://linux.oracle.com/cve/CVE-2020-15366.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-15366
https://snyk.io/vuln/SNYK-JS-AJV-584908
| | ansi-html | CVE-2021-23424 | HIGH | 0.0.7 | 0.0.8 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23424
https://github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63
https://github.com/Tjatse/ansi-html/issues/19
https://github.com/advisories/GHSA-whgm-jr23-g3j9
https://github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69
https://nvd.nist.gov/vuln/detail/CVE-2021-23424
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198
https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
| | ansi-regex | CVE-2021-3807 | HIGH | 3.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3807
https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
https://github.com/advisories/GHSA-93q8-gq69-wqmw
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311
https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774
https://github.com/chalk/ansi-regex/releases/tag/v6.0.1
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://linux.oracle.com/cve/CVE-2021-3807.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
https://www.oracle.com/security-alerts/cpuapr2022.html
| | browserslist | CVE-2021-23364 | MEDIUM | 4.4.2 | 4.16.5 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23364
https://github.com/advisories/GHSA-w8qv-6jwh-64r5
https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
https://github.com/browserslist/browserslist/pull/593
https://nvd.nist.gov/vuln/detail/CVE-2021-23364
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
| | color-string | CVE-2021-29060 | MEDIUM | 1.5.3 | 1.5.5 |
Expand...https://access.redhat.com/security/cve/CVE-2021-29060
https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
https://github.com/Qix-/color-string/releases/tag/1.5.5
https://github.com/advisories/GHSA-257v-vj4p-3w2h
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
https://github.com/yetingli/SaveResults/blob/main/js/color-string.js
https://nvd.nist.gov/vuln/detail/CVE-2021-29060
https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939
https://www.npmjs.com/package/color-string
| | dns-packet | CVE-2021-23386 | HIGH | 1.3.1 | 1.3.2, 5.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23386
https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
https://github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d
https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56
https://hackerone.com/bugs?subject=user&amp%3Breport_id=968858
https://nvd.nist.gov/vuln/detail/CVE-2021-23386
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719
https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563
| | dot-prop | CVE-2020-8116 | HIGH | 4.2.0 | 5.1.1, 4.2.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8116
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-ff7x-qrg7-qggm
https://github.com/sindresorhus/dot-prop/issues/63
https://github.com/sindresorhus/dot-prop/tree/v4
https://hackerone.com/reports/719856
https://linux.oracle.com/cve/CVE-2020-8116.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8116
| | elliptic | CVE-2020-13822 | HIGH | 6.4.1 | 6.5.3 |
Expand...https://access.redhat.com/security/cve/CVE-2020-13822
https://github.com/advisories/GHSA-vh7m-p724-62c2
https://github.com/indutny/elliptic/issues/226
https://medium.com/@herman_10687/malleability-attack-why-it-matters-7b5f59fb99a4
https://nvd.nist.gov/vuln/detail/CVE-2020-13822
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484
https://www.npmjs.com/package/elliptic
https://yondon.blog/2019/01/01/how-not-to-use-ecdsa/
| | elliptic | CVE-2020-28498 | MEDIUM | 6.4.1 | 6.5.4 |
Expand...https://github.com/advisories/GHSA-r9p9-mrjm-926w
https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
https://github.com/indutny/elliptic/pull/244/commits
https://nvd.nist.gov/vuln/detail/CVE-2020-28498
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1069836
https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
https://www.npmjs.com/package/elliptic
| | eventsource | CVE-2022-1650 | CRITICAL | 1.0.7 | 2.0.2, 1.1.1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-1650
https://github.com/EventSource/eventsource/commit/f9f6416567bff62c1af2f4314be51d9870e94bc2
https://github.com/EventSource/eventsource/pull/273#issuecomment-1127624508
https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4
https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e
https://nvd.nist.gov/vuln/detail/CVE-2022-1650
| | follow-redirects | CVE-2022-0155 | HIGH | 1.7.0 | 1.14.7 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0155
https://github.com/advisories/GHSA-74fj-2j2h-c42q
https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22
https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/
https://nvd.nist.gov/vuln/detail/CVE-2022-0155
| | follow-redirects | CVE-2022-0536 | MEDIUM | 1.7.0 | 1.14.8 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0536
https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445
https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db
https://nvd.nist.gov/vuln/detail/CVE-2022-0536
| | glob-parent | CVE-2020-28469 | HIGH | 3.1.0 | 5.1.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28469
https://github.com/advisories/GHSA-ww39-953v-wcq6
https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
https://github.com/gulpjs/glob-parent/pull/36
https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
https://linux.oracle.com/cve/CVE-2020-28469.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28469
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
https://www.oracle.com/security-alerts/cpujan2022.html
| | hosted-git-info | CVE-2021-23362 | MEDIUM | 2.7.1 | 2.8.9, 3.0.8 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23362
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-3074.html
https://github.com/advisories/GHSA-43f8-2h32-f4cj
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://github.com/npm/hosted-git-info/commits/v2
https://github.com/npm/hosted-git-info/pull/76
https://linux.oracle.com/cve/CVE-2021-23362.html
https://linux.oracle.com/errata/ELSA-2021-3074.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23362
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
| | http-proxy | GHSA-6x33-pw7p-hmpq | HIGH | 1.17.0 | 1.18.1 |
Expand...https://github.com/advisories/GHSA-6x33-pw7p-hmpq
https://github.com/http-party/node-http-proxy/pull/1447/files
https://www.npmjs.com/advisories/1486
| | ini | CVE-2020-7788 | HIGH | 1.3.5 | 1.3.6 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
https://linux.oracle.com/cve/CVE-2020-7788.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7788
https://snyk.io/vuln/SNYK-JS-INI-1048974
https://www.npmjs.com/advisories/1589
| | is-svg | CVE-2021-28092 | HIGH | 3.0.0 | 4.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-28092
https://github.com/advisories/GHSA-7r28-3m3f-r2pr
https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b
https://github.com/sindresorhus/is-svg/releases
https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2
https://nvd.nist.gov/vuln/detail/CVE-2021-28092
https://security.netapp.com/advisory/ntap-20210513-0008/
https://www.npmjs.com/package/is-svg
| | is-svg | CVE-2021-29059 | HIGH | 3.0.0 | 4.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-29059
https://github.com/advisories/GHSA-r8j5-h5cx-65gg
https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02
https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md
https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js
https://nvd.nist.gov/vuln/detail/CVE-2021-29059
https://www.npmjs.com/package/is-svg
| | js-yaml | GHSA-8j8c-7jfh-h6hx | HIGH | 3.12.2 | 3.13.1 |
Expand...https://github.com/advisories/GHSA-8j8c-7jfh-h6hx
https://github.com/nodeca/js-yaml/pull/480
https://www.npmjs.com/advisories/813
| | js-yaml | GHSA-2pr6-76vf-7546 | MEDIUM | 3.12.2 | 3.13.0 |
Expand...https://github.com/advisories/GHSA-2pr6-76vf-7546
https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235
https://github.com/nodeca/js-yaml/issues/475
https://snyk.io/vuln/SNYK-JS-JSYAML-173999
https://www.npmjs.com/advisories/788
https://www.npmjs.com/advisories/788/versions
| | kind-of | CVE-2019-20149 | HIGH | 6.0.2 | 6.0.3 |
Expand...https://access.redhat.com/security/cve/CVE-2019-20149
https://github.com/advisories/GHSA-6c8f-qphg-qjgp
https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b
https://github.com/jonschlinkert/kind-of/issues/30
https://github.com/jonschlinkert/kind-of/pull/31
https://nvd.nist.gov/vuln/detail/CVE-2019-20149
https://snyk.io/vuln/SNYK-JS-KINDOF-537849
https://www.npmjs.com/advisories/1490
| | lodash | CVE-2019-10744 | CRITICAL | 4.17.11 | 4.17.12 |
Expand...https://access.redhat.com/errata/RHSA-2019:3024
https://access.redhat.com/security/cve/CVE-2019-10744
https://github.com/advisories/GHSA-jf85-cpcp-j695
https://github.com/lodash/lodash/pull/4336
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
https://security.netapp.com/advisory/ntap-20191004-0005/
https://snyk.io/vuln/SNYK-JS-LODASH-450202
https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
https://www.npmjs.com/advisories/1065
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
| | lodash | CVE-2020-8203 | HIGH | 4.17.11 | 4.17.20 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8203
https://github.com/advisories/GHSA-p6mc-m468-83gw
https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
https://github.com/lodash/lodash/issues/4744
https://github.com/lodash/lodash/issues/4874
https://hackerone.com/reports/712065
https://nvd.nist.gov/vuln/detail/CVE-2020-8203
https://security.netapp.com/advisory/ntap-20200724-0006/
https://www.npmjs.com/advisories/1523
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2021-23337 | HIGH | 4.17.11 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | lodash | CVE-2020-28500 | MEDIUM | 4.17.11 | 4.17.21 |
Expand...https://access.redhat.com/security/cve/CVE-2020-28500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
https://github.com/lodash/lodash/pull/5065
https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | mem | GHSA-4xcv-9jjx-gfj3 | MEDIUM | 1.1.0 | 4.0.0 |
Expand...https://bugzilla.redhat.com/show_bug.cgi?id=1623744
https://github.com/advisories/GHSA-4xcv-9jjx-gfj3
https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b
https://snyk.io/vuln/npm:mem:20180117
https://www.npmjs.com/advisories/1084
| | minimist | CVE-2021-44906 | CRITICAL | 0.0.8 | 1.2.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
| | minimist | CVE-2020-7598 | MEDIUM | 0.0.8 | 1.2.3, 0.2.1 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-7598
https://errata.almalinux.org/8/ALSA-2020-2852.html
https://github.com/advisories/GHSA-vh95-rmgr-6w4m
https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
https://linux.oracle.com/cve/CVE-2020-7598.html
https://linux.oracle.com/errata/ELSA-2020-2852.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7598
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://www.npmjs.com/advisories/1179
| | minimist | CVE-2021-44906 | CRITICAL | 1.2.0 | 1.2.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
| | minimist | CVE-2020-7598 | MEDIUM | 1.2.0 | 1.2.3, 0.2.1 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-7598
https://errata.almalinux.org/8/ALSA-2020-2852.html
https://github.com/advisories/GHSA-vh95-rmgr-6w4m
https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
https://linux.oracle.com/cve/CVE-2020-7598.html
https://linux.oracle.com/errata/ELSA-2020-2852.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7598
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://www.npmjs.com/advisories/1179
| | mixin-deep | CVE-2019-10746 | CRITICAL | 1.3.1 | 2.0.1, 1.3.2 |
Expand...https://access.redhat.com/security/cve/CVE-2019-10746
https://errata.almalinux.org/8/ALSA-2021-0549.html
https://github.com/advisories/GHSA-fhjf-83wg-r2j9
https://linux.oracle.com/cve/CVE-2019-10746.html
https://linux.oracle.com/errata/ELSA-2021-0549.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/
https://nvd.nist.gov/vuln/detail/CVE-2019-10746
https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://www.npmjs.com/advisories/1013
| | moment | CVE-2022-24785 | HIGH | 2.24.0 | 2.29.2 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24785
https://github.com/advisories/GHSA-8hfj-j24r-96c4
https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
https://nvd.nist.gov/vuln/detail/CVE-2022-24785
https://security.netapp.com/advisory/ntap-20220513-0006/
https://www.tenable.com/security/tns-2022-09
| | node-forge | CVE-2020-7720 | HIGH | 0.7.5 | 0.10.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7720
https://github.com/advisories/GHSA-92xj-mqp7-vmcj
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
https://nvd.nist.gov/vuln/detail/CVE-2020-7720
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
| | node-forge | CVE-2022-24771 | HIGH | 0.7.5 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24771
https://github.com/advisories/GHSA-cfm4-qjh2-4765
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
https://nvd.nist.gov/vuln/detail/CVE-2022-24771
| | node-forge | CVE-2022-24772 | HIGH | 0.7.5 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24772
https://github.com/advisories/GHSA-x4jg-mjrx-434g
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g
https://nvd.nist.gov/vuln/detail/CVE-2022-24772
| | node-forge | CVE-2022-0122 | MEDIUM | 0.7.5 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
https://nvd.nist.gov/vuln/detail/CVE-2022-0122
| | node-forge | CVE-2022-24773 | MEDIUM | 0.7.5 | 1.3.0 |
Expand...https://access.redhat.com/security/cve/CVE-2022-24773
https://github.com/advisories/GHSA-2r2c-g63r-vccr
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
https://nvd.nist.gov/vuln/detail/CVE-2022-24773
| | node-forge | GHSA-5rrq-pxf6-6jx5 | LOW | 0.7.5 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5
| | node-forge | GHSA-gf8q-jrpm-jvxq | LOW | 0.7.5 | 1.0.0 |
Expand...https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq
| | node-forge | GHSA-wxgw-qj99-44c2 | LOW | 0.7.5 | 0.10.0 |
Expand...https://github.com/advisories/GHSA-wxgw-qj99-44c2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2
| | node-notifier | CVE-2020-7789 | MEDIUM | 5.4.0 | 8.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7789
https://github.com/advisories/GHSA-5fw9-fq32-wv5p
https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303
https://github.com/mikaelbr/node-notifier/commit/5d62799dab88505a709cd032653b2320c5813fce
https://nvd.nist.gov/vuln/detail/CVE-2020-7789
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371
https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794
| | nth-check | CVE-2021-3803 | HIGH | 1.0.2 | 2.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3803
https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
| | object-path | CVE-2020-15256 | HIGH | 0.9.2 | 0.11.5 |
Expand...https://access.redhat.com/security/cve/CVE-2020-15256
https://github.com/advisories/GHSA-cwx2-736x-mf6w
https://github.com/mariocasciaro/object-path/commit/2be3354c6c46215c7635eb1b76d80f1319403c68
https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
https://nvd.nist.gov/vuln/detail/CVE-2020-15256
| | object-path | CVE-2021-3805 | HIGH | 0.9.2 | 0.11.8 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3805
https://github.com/advisories/GHSA-8v63-cqqc-6r2c
https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884
https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
https://nvd.nist.gov/vuln/detail/CVE-2021-3805
| | object-path | CVE-2021-23434 | MEDIUM | 0.9.2 | 0.11.6 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434
https://github.com/advisories/GHSA-v39p-96qg-c8rf
https://github.com/mariocasciaro/object-path#0116
https://github.com/mariocasciaro/object-path%230116
https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
https://nvd.nist.gov/vuln/detail/CVE-2021-23434
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423
https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
| | path-parse | CVE-2021-23343 | MEDIUM | 1.0.6 | 1.0.7 |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23343.json
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json
https://access.redhat.com/security/cve/CVE-2021-23343
https://errata.almalinux.org/8/ALSA-2021-3666.html
https://github.com/advisories/GHSA-hj48-42vr-x3v9
https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7
https://github.com/jbgutierrez/path-parse/issues/8
https://github.com/jbgutierrez/path-parse/pull/10
https://linux.oracle.com/cve/CVE-2021-23343.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23343
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
| | postcss | CVE-2021-23382 | MEDIUM | 6.0.23 | 7.0.36, 8.2.13 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23382
https://github.com/advisories/GHSA-566m-qj78-rww5
https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
https://github.com/postcss/postcss/releases/tag/7.0.36
https://nvd.nist.gov/vuln/detail/CVE-2021-23382
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
| | postcss | CVE-2021-23368 | MEDIUM | 7.0.14 | 8.2.10, 7.0.36 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734
https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23368
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
| | postcss | CVE-2021-23382 | MEDIUM | 7.0.14 | 7.0.36, 8.2.13 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23382
https://github.com/advisories/GHSA-566m-qj78-rww5
https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
https://github.com/postcss/postcss/releases/tag/7.0.36
https://nvd.nist.gov/vuln/detail/CVE-2021-23382
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
| | serialize-javascript | CVE-2020-7660 | HIGH | 1.6.1 | 3.1.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7660
https://github.com/advisories/GHSA-hxcc-f52p-wc94
https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd
https://nvd.nist.gov/vuln/detail/CVE-2020-7660
| | serialize-javascript | CVE-2019-16769 | MEDIUM | 1.6.1 | 2.1.1 |
Expand...https://access.redhat.com/security/cve/CVE-2019-16769
https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx
https://nvd.nist.gov/vuln/detail/CVE-2019-16769
https://www.npmjs.com/advisories/1426
| | set-value | CVE-2019-10747 | CRITICAL | 0.4.3 | 3.0.1, 2.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2019-10747
https://errata.almalinux.org/8/ALSA-2021-0549.html
https://github.com/advisories/GHSA-4g88-fppr-53pp
https://linux.oracle.com/cve/CVE-2019-10747.html
https://linux.oracle.com/errata/ELSA-2021-0549.html
https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/
https://nvd.nist.gov/vuln/detail/CVE-2019-10747
https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
https://www.npmjs.com/advisories/1012
| | set-value | CVE-2021-23440 | HIGH | 0.4.3 | 2.0.1, 4.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23440
https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
https://github.com/jonschlinkert/set-value/pull/33
https://nvd.nist.gov/vuln/detail/CVE-2021-23440
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
https://www.oracle.com/security-alerts/cpujan2022.html
| | set-value | CVE-2019-10747 | CRITICAL | 2.0.0 | 3.0.1, 2.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2019-10747
https://errata.almalinux.org/8/ALSA-2021-0549.html
https://github.com/advisories/GHSA-4g88-fppr-53pp
https://linux.oracle.com/cve/CVE-2019-10747.html
https://linux.oracle.com/errata/ELSA-2021-0549.html
https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT/
https://nvd.nist.gov/vuln/detail/CVE-2019-10747
https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
https://www.npmjs.com/advisories/1012
| | set-value | CVE-2021-23440 | HIGH | 2.0.0 | 2.0.1, 4.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23440
https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
https://github.com/jonschlinkert/set-value/pull/33
https://nvd.nist.gov/vuln/detail/CVE-2021-23440
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/
https://www.oracle.com/security-alerts/cpujan2022.html
| | sockjs | CVE-2020-7693 | MEDIUM | 0.3.19 | 0.3.20 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7693
https://github.com/advisories/GHSA-c9g6-9335-x697
https://github.com/andsnw/sockjs-dos-py
https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16
https://github.com/sockjs/sockjs-node/issues/252
https://github.com/sockjs/sockjs-node/pull/265
https://nvd.nist.gov/vuln/detail/CVE-2020-7693
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
https://www.npmjs.com/package/sockjs
| | ssri | CVE-2021-27290 | HIGH | 6.0.1 | 8.0.1, 7.1.1, 6.0.2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-27290
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290
https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
https://errata.almalinux.org/8/ALSA-2021-3074.html
https://github.com/advisories/GHSA-vx3p-948g-6vhq
https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2
https://github.com/npm/ssri/commit/b30dfdb00bb94ddc49a25a85a18fb27afafdfbb1
https://github.com/npm/ssri/pull/20#issuecomment-842677644
https://github.com/yetingli/SaveResults/blob/main/pdf/ssri-redos.pdf
https://linux.oracle.com/cve/CVE-2021-27290.html
https://linux.oracle.com/errata/ELSA-2021-3074.html
https://npmjs.com
https://nvd.nist.gov/vuln/detail/CVE-2021-27290
https://www.npmjs.com/package/ssri
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-32803 | HIGH | 4.4.8 | 6.1.2, 5.0.7, 4.4.15, 3.2.3 |
Expand...https://access.redhat.com/security/cve/CVE-2021-32803
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-3666.html
https://github.com/advisories/GHSA-r628-mhmh-qjhw
https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
https://linux.oracle.com/cve/CVE-2021-32803.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32803
https://www.npmjs.com/advisories/1771
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-32804 | HIGH | 4.4.8 | 6.1.1, 5.0.6, 4.4.14, 3.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-32804
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-3666.html
https://github.com/advisories/GHSA-3jfq-g458-7qm9
https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
https://linux.oracle.com/cve/CVE-2021-32804.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://nvd.nist.gov/vuln/detail/CVE-2021-32804
https://www.npmjs.com/advisories/1770
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37701 | HIGH | 4.4.8 | 6.1.7, 5.0.8, 4.4.16 |
Expand...https://access.redhat.com/security/cve/CVE-2021-37701
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-9r2w-394v-53qc
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
https://linux.oracle.com/cve/CVE-2021-37701.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37701
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1779
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37712 | HIGH | 4.4.8 | 6.1.9, 5.0.10, 4.4.18 |
Expand...https://access.redhat.com/security/cve/CVE-2021-37712
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-qq89-hq3f-393p
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
https://linux.oracle.com/cve/CVE-2021-37712.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37712
https://www.debian.org/security/2021/dsa-5008
https://www.npmjs.com/advisories/1780
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | tar | CVE-2021-37713 | HIGH | 4.4.8 | 6.1.9, 5.0.10, 4.4.18 |
Expand...https://access.redhat.com/security/cve/CVE-2021-37713
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-5955-9wpr-37jh
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://www.npmjs.com/package/tar
https://www.oracle.com/security-alerts/cpuoct2021.html
| | url-parse | CVE-2022-0686 | CRITICAL | 1.4.4 | 1.5.8 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0686
https://github.com/advisories/GHSA-hgjh-723h-mx2j
https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
https://nvd.nist.gov/vuln/detail/CVE-2022-0686
https://security.netapp.com/advisory/ntap-20220325-0006/
| | url-parse | CVE-2020-8124 | MEDIUM | 1.4.4 | 1.4.5 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8124
https://github.com/advisories/GHSA-46c4-8wrp-j99v
https://hackerone.com/reports/496293
https://nvd.nist.gov/vuln/detail/CVE-2020-8124
| | url-parse | CVE-2021-27515 | MEDIUM | 1.4.4 | 1.5.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-27515
https://advisory.checkmarx.net/advisory/CX-2021-4306
https://github.com/advisories/GHSA-9m6j-fcg5-2442
https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0
https://github.com/unshiftio/url-parse/pull/197
https://nvd.nist.gov/vuln/detail/CVE-2021-27515
| | url-parse | CVE-2021-3664 | MEDIUM | 1.4.4 | 1.5.2 |
Expand...https://access.redhat.com/security/cve/CVE-2021-3664
https://github.com/advisories/GHSA-hh27-ffr2-f2jc
https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
https://github.com/unshiftio/url-parse/issues/205
https://github.com/unshiftio/url-parse/issues/206
https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
https://nvd.nist.gov/vuln/detail/CVE-2021-3664
| | url-parse | CVE-2022-0512 | MEDIUM | 1.4.4 | 1.5.6 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0512
https://github.com/advisories/GHSA-rqff-837h-mm52
https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40
https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
https://nvd.nist.gov/vuln/detail/CVE-2022-0512
| | url-parse | CVE-2022-0639 | MEDIUM | 1.4.4 | 1.5.7 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0639
https://github.com/advisories/GHSA-8v38-pw62-9cw2
https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
https://nvd.nist.gov/vuln/detail/CVE-2022-0639
| | url-parse | CVE-2022-0691 | MEDIUM | 1.4.4 | 1.5.9 |
Expand...https://access.redhat.com/security/cve/CVE-2022-0691
https://github.com/advisories/GHSA-jf5r-8hm2-f872
https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63
https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
https://nvd.nist.gov/vuln/detail/CVE-2022-0691
https://security.netapp.com/advisory/ntap-20220325-0006/
| | websocket-extensions | CVE-2020-7662 | HIGH | 0.1.3 | 0.1.4 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7662
https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
https://github.com/advisories/GHSA-g78m-2chm-r7qv
https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237
https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv
https://nvd.nist.gov/vuln/detail/CVE-2020-7662
https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623
| | y18n | CVE-2020-7774 | HIGH | 3.2.1 | 5.0.5, 4.0.1, 3.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7774
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-0551.html
https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| | y18n | CVE-2020-7774 | HIGH | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7774
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://errata.almalinux.org/8/ALSA-2021-0551.html
https://github.com/advisories/GHSA-c4w7-xm78-47vh
https://github.com/yargs/y18n/commit/a9ac604abf756dec9687be3843e2c93bfe581f25
https://github.com/yargs/y18n/issues/96
https://github.com/yargs/y18n/pull/108
https://linux.oracle.com/cve/CVE-2020-7774.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7774
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038306
https://snyk.io/vuln/SNYK-JS-Y18N-1021887
https://www.oracle.com/security-alerts/cpuApr2021.html
| | yargs-parser | CVE-2020-7608 | MEDIUM | 10.1.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7608
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
| | yargs-parser | CVE-2020-7608 | MEDIUM | 11.1.1 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7608
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
| | yargs-parser | CVE-2020-7608 | MEDIUM | 7.0.0 | 5.0.1, 13.1.2, 18.1.2, 15.0.1 |
Expand...https://access.redhat.com/security/cve/CVE-2020-7608
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-p9pc-299p-vxgp
https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
https://linux.oracle.com/cve/CVE-2020-7608.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7608
https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
https://www.npmjs.com/advisories/1500
| **composer** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | symfony/cache | CVE-2019-18889 | CRITICAL | v4.2.3 | 3.3.0, 3.4.0, 3.4.35, 4.1.0, 4.2.0, 4.2.12, 4.3.8, 3.2.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
https://github.com/advisories/GHSA-79gr-58r3-pwm3
https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://nvd.nist.gov/vuln/detail/CVE-2019-18889
https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18889
| | symfony/cache | CVE-2019-10912 | HIGH | v4.2.3 | 4.2.7, 3.2.0, 3.3.0, 3.4.0, 3.4.26, 4.1.0, 4.1.12 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
https://github.com/advisories/GHSA-w2fr-65vp-mxw3
https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
https://nvd.nist.gov/vuln/detail/CVE-2019-10912
https://seclists.org/bugtraq/2019/May/21
https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
https://symfony.com/cve-2019-10912
https://typo3.org/security/advisory/typo3-core-sa-2019-016
https://typo3.org/security/advisory/typo3-core-sa-2019-016/
https://www.debian.org/security/2019/dsa-4441
| | symfony/dependency-injection | CVE-2019-10910 | CRITICAL | v4.2.4 | 2.8.50, 3.2.0, 3.4.0, 4.2.7, 4.1.0, 4.1.12, 2.7.51, 3.1.0, 3.3.0, 3.4.26 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
https://github.com/advisories/GHSA-pgwj-prpq-jpc2
https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
https://nvd.nist.gov/vuln/detail/CVE-2019-10910
https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
https://symfony.com/cve-2019-10910
https://www.drupal.org/SA-CORE-2019-005
https://www.synology.com/security/advisory/Synology_SA_19_19
| | symfony/framework-bundle | CVE-2019-10909 | MEDIUM | v4.2.3 | 3.4.26, 4.1.12, 4.2.7, 2.7.51, 3.2.0, 3.3.0, 3.4.0, 2.8.50, 3.1.0, 4.1.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
https://github.com/advisories/GHSA-g996-q5r8-w7g2
https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
https://nvd.nist.gov/vuln/detail/CVE-2019-10909
https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
https://symfony.com/cve-2019-10909
https://www.drupal.org/SA-CORE-2019-005
https://www.drupal.org/sa-core-2019-005
https://www.synology.com/security/advisory/Synology_SA_19_19
| | symfony/http-foundation | CVE-2019-10913 | CRITICAL | v4.2.4 | 3.3.0, 3.4.26, 4.1.12, 4.2.7, 2.7.51, 2.8.50, 3.1.0, 3.2.0, 3.4.0, 4.1.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
https://github.com/advisories/GHSA-x92h-wmg2-6hp7
https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
https://nvd.nist.gov/vuln/detail/CVE-2019-10913
https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
https://symfony.com/cve-2019-10913
| | symfony/http-foundation | CVE-2019-18888 | HIGH | v4.2.4 | 2.6.0, 2.8.0, 4.2.12, 2.1.0, 2.8.52, 2.4.0, 2.5.0, 2.7.0, 3.1.0, 3.3.0, 2.3.0, 3.2.0, 3.4.0, 3.4.35, 4.1.0, 4.2.0, 4.3.8, 2.2.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
https://github.com/advisories/GHSA-xhh6-956q-4q69
https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365
https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
https://nvd.nist.gov/vuln/detail/CVE-2019-18888
https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18888
| | symfony/http-kernel | CVE-2019-18887 | HIGH | v4.2.4 | 3.1.0, 3.4.35, 4.2.12, 2.6.0, 3.2.0, 3.4.0, 2.7.0, 2.5.0, 2.8.0, 3.3.0, 2.4.0, 2.8.52, 4.1.0, 4.2.0, 4.3.8, 2.3.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
https://nvd.nist.gov/vuln/detail/CVE-2019-18887
https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-18887
| | symfony/var-exporter | CVE-2019-11325 | CRITICAL | v4.2.3 | 4.2.12, 4.3.8 |
Expand...https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml
https://github.com/advisories/GHSA-w4rc-rx25-8m86
https://github.com/symfony/symfony/releases/tag/v4.3.8
https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3
https://nvd.nist.gov/vuln/detail/CVE-2019-11325
https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
https://symfony.com/blog/symfony-4-3-8-released
https://symfony.com/cve-2019-11325
| | twig/twig | CVE-2022-23614 | CRITICAL | v2.6.2 | 2.14.11, 3.3.8 |
Expand...https://access.redhat.com/security/cve/CVE-2022-23614
https://github.com/advisories/GHSA-5mv2-rx3q-4w2v
https://github.com/twigphp/Twig/commit/22b9dc3c03ee66d7e21d9ed2ca76052b134cb9e9
https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5
https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2PVV5DUTRUECTIHMTWRI5Z7DVNYQ2YO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTN4273U4RHVIXED64T7DSMJ3VYTPRE7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PECHIY2XLWUH2WLCNPDGNFMPHPRPCEDZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIGZCFSYLPP7UVJ4E4NLHSOQSKYNXSAD/
https://nvd.nist.gov/vuln/detail/CVE-2022-23614
https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter
https://www.debian.org/security/2022/dsa-5107
| | twig/twig | CVE-2019-9942 | LOW | v2.6.2 | 1.38.0, 2.7.0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9942
https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2019-9942.yaml
https://github.com/advisories/GHSA-vxrc-68xx-x48g
https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
https://nvd.nist.gov/vuln/detail/CVE-2019-9942
https://seclists.org/bugtraq/2019/Mar/60
https://symfony.com/blog/twig-sandbox-information-disclosure
https://www.debian.org/security/2019/dsa-4419
|