--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: uptimerobot-prometheus/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-uptimerobot-prometheus' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-uptimerobot-prometheus' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'autopermissions' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-uptimerobot-prometheus' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-uptimerobot-prometheus' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-uptimerobot-prometheus' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| #### Container: tccr.io/truecharts/prometheus-uptimerobot-exporter:v0.0.1@sha256:c73a86e73ab47e0974eb3d6bd6ce5834befe8363979a9da2b53922b630ec084a (alpine 3.12.0) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apk-tools | CVE-2021-36159 | CRITICAL | 2.10.5-r1 | 2.10.7-r0 |
Expand...https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
| | apk-tools | CVE-2021-30139 | HIGH | 2.10.5-r1 | 2.10.6-r0 |
Expand...https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741
https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606
| | busybox | CVE-2021-28831 | HIGH | 1.31.1-r16 | 1.31.1-r20 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42378 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42379 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42380 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42381 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42382 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42383 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | busybox | CVE-2021-42384 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42385 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42386 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | busybox | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | curl | CVE-2021-22945 | CRITICAL | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2020-8169 | HIGH | 7.69.1-r0 | 7.69.1-r1 |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
https://curl.haxx.se/docs/CVE-2020-8169.html
https://curl.se/docs/CVE-2020-8169.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
https://hackerone.com/reports/874778
https://ubuntu.com/security/notices/USN-4402-1
https://www.debian.org/security/2021/dsa-4881
| | curl | CVE-2020-8177 | HIGH | 7.69.1-r0 | 7.69.1-r1 |
Expand...https://curl.haxx.se/docs/CVE-2020-8177.html
https://curl.se/docs/CVE-2020-8177.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177
https://hackerone.com/reports/887462
https://linux.oracle.com/cve/CVE-2020-8177.html
https://linux.oracle.com/errata/ELSA-2020-5002.html
https://ubuntu.com/security/notices/USN-4402-1
https://www.debian.org/security/2021/dsa-4881
| | curl | CVE-2020-8231 | HIGH | 7.69.1-r0 | 7.69.1-r2 |
Expand...https://curl.haxx.se/docs/CVE-2020-8231.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231
https://hackerone.com/reports/948876
https://linux.oracle.com/cve/CVE-2020-8231.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/202012-14
https://ubuntu.com/security/notices/USN-4466-1
https://ubuntu.com/security/notices/USN-4466-2
https://ubuntu.com/security/notices/USN-4665-1
https://www.debian.org/security/2021/dsa-4881
| | curl | CVE-2020-8285 | HIGH | 7.69.1-r0 | 7.69.1-r3 |
Expand...http://seclists.org/fulldisclosure/2021/Apr/51
https://curl.se/docs/CVE-2020-8285.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://github.com/curl/curl/issues/6255
https://hackerone.com/reports/1045844
https://linux.oracle.com/cve/CVE-2020-8285.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://ubuntu.com/security/notices/USN-4665-2
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuApr2021.html
| | curl | CVE-2020-8286 | HIGH | 7.69.1-r0 | 7.69.1-r3 |
Expand...http://seclists.org/fulldisclosure/2021/Apr/50
http://seclists.org/fulldisclosure/2021/Apr/51
http://seclists.org/fulldisclosure/2021/Apr/54
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
https://curl.se/docs/CVE-2020-8286.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://hackerone.com/reports/1048457
https://linux.oracle.com/cve/CVE-2020-8286.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuApr2021.html
| | curl | CVE-2021-22901 | HIGH | 7.69.1-r0 | 7.77.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22901.html
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
https://hackerone.com/reports/1180380
https://security.netapp.com/advisory/ntap-20210723-0001/
https://security.netapp.com/advisory/ntap-20210727-0007/
https://www.oracle.com//security-alerts/cpujul2021.html
| | curl | CVE-2021-22946 | HIGH | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22876 | MEDIUM | 7.69.1-r0 | 7.76.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22876.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876
https://hackerone.com/reports/1101882
https://linux.oracle.com/cve/CVE-2021-22876.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
https://security.gentoo.org/glsa/202105-36
https://security.netapp.com/advisory/ntap-20210521-0007/
https://ubuntu.com/security/notices/USN-4898-1
https://ubuntu.com/security/notices/USN-4903-1
| | curl | CVE-2021-22922 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22923 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22925 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/40
https://curl.se/docs/CVE-2021-22925.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
https://hackerone.com/reports/1223882
https://linux.oracle.com/cve/CVE-2021-22925.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2021-22947 | MEDIUM | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpuoct2021.html
| | curl | CVE-2020-8284 | LOW | 7.69.1-r0 | 7.74.0-r0 |
Expand...https://curl.se/docs/CVE-2020-8284.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284
https://hackerone.com/reports/1040166
https://linux.oracle.com/cve/CVE-2020-8284.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://ubuntu.com/security/notices/USN-4665-2
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
| | curl | CVE-2021-22890 | LOW | 7.69.1-r0 | 7.76.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22890.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890
https://hackerone.com/reports/1129529
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
https://security.gentoo.org/glsa/202105-36
https://security.netapp.com/advisory/ntap-20210521-0007/
https://ubuntu.com/security/notices/USN-4898-1
| | curl | CVE-2021-22898 | LOW | 7.69.1-r0 | 7.77.0-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
| | curl | CVE-2021-22924 | LOW | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | expat | CVE-2022-22822 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | expat | CVE-2022-22823 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | expat | CVE-2022-22824 | CRITICAL | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | expat | CVE-2021-45960 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
https://github.com/libexpat/libexpat/issues/531
https://github.com/libexpat/libexpat/pull/534
https://security.netapp.com/advisory/ntap-20220121-0004/
| | expat | CVE-2021-46143 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
https://security.netapp.com/advisory/ntap-20220121-0006/
| | expat | CVE-2022-22825 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | expat | CVE-2022-22826 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | expat | CVE-2022-22827 | HIGH | 2.2.9-r1 | 2.2.10-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/pull/539
| | krb5-libs | CVE-2020-28196 | HIGH | 1.18.2-r0 | 1.18.3-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196
https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
https://linux.oracle.com/cve/CVE-2020-28196.html
https://linux.oracle.com/errata/ELSA-2021-9294.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/
https://security.gentoo.org/glsa/202011-17
https://security.netapp.com/advisory/ntap-20201202-0001/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://ubuntu.com/security/notices/USN-4635-1
https://www.debian.org/security/2020/dsa-4795
https://www.oracle.com/security-alerts/cpuApr2021.html
| | krb5-libs | CVE-2021-36222 | HIGH | 1.18.2-r0 | 1.18.4-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcrypto1.1 | CVE-2021-3711 | CRITICAL | 1.1.1g-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2021-23840 | HIGH | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-23840.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libcrypto1.1 | CVE-2021-3450 | HIGH | 1.1.1g-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3450.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-08
https://www.tenable.com/security/tns-2021-09
| | libcrypto1.1 | CVE-2021-3712 | HIGH | 1.1.1g-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libcrypto1.1 | CVE-2020-1971 | MEDIUM | 1.1.1g-r0 | 1.1.1i-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/09/14/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
https://linux.oracle.com/cve/CVE-2020-1971.html
https://linux.oracle.com/errata/ELSA-2021-9150.html
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
https://security.gentoo.org/glsa/202012-13
https://security.netapp.com/advisory/ntap-20201218-0005/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://ubuntu.com/security/notices/USN-4662-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2020/dsa-4807
https://www.openssl.org/news/secadv/20201208.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libcrypto1.1 | CVE-2021-23841 | MEDIUM | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...http://seclists.org/fulldisclosure/2021/May/67
http://seclists.org/fulldisclosure/2021/May/68
http://seclists.org/fulldisclosure/2021/May/70
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://linux.oracle.com/cve/CVE-2021-23841.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212534
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
| | libcrypto1.1 | CVE-2021-3449 | MEDIUM | 1.1.1g-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3449.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://ubuntu.com/security/notices/USN-4891-1
https://ubuntu.com/security/notices/USN-5038-1
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libcrypto1.1 | CVE-2021-23839 | LOW | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22945 | CRITICAL | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2020-8169 | HIGH | 7.69.1-r0 | 7.69.1-r1 |
Expand...https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
https://curl.haxx.se/docs/CVE-2020-8169.html
https://curl.se/docs/CVE-2020-8169.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
https://hackerone.com/reports/874778
https://ubuntu.com/security/notices/USN-4402-1
https://www.debian.org/security/2021/dsa-4881
| | libcurl | CVE-2020-8177 | HIGH | 7.69.1-r0 | 7.69.1-r1 |
Expand...https://curl.haxx.se/docs/CVE-2020-8177.html
https://curl.se/docs/CVE-2020-8177.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177
https://hackerone.com/reports/887462
https://linux.oracle.com/cve/CVE-2020-8177.html
https://linux.oracle.com/errata/ELSA-2020-5002.html
https://ubuntu.com/security/notices/USN-4402-1
https://www.debian.org/security/2021/dsa-4881
| | libcurl | CVE-2020-8231 | HIGH | 7.69.1-r0 | 7.69.1-r2 |
Expand...https://curl.haxx.se/docs/CVE-2020-8231.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231
https://hackerone.com/reports/948876
https://linux.oracle.com/cve/CVE-2020-8231.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/202012-14
https://ubuntu.com/security/notices/USN-4466-1
https://ubuntu.com/security/notices/USN-4466-2
https://ubuntu.com/security/notices/USN-4665-1
https://www.debian.org/security/2021/dsa-4881
| | libcurl | CVE-2020-8285 | HIGH | 7.69.1-r0 | 7.69.1-r3 |
Expand...http://seclists.org/fulldisclosure/2021/Apr/51
https://curl.se/docs/CVE-2020-8285.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://github.com/curl/curl/issues/6255
https://hackerone.com/reports/1045844
https://linux.oracle.com/cve/CVE-2020-8285.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://ubuntu.com/security/notices/USN-4665-2
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuApr2021.html
| | libcurl | CVE-2020-8286 | HIGH | 7.69.1-r0 | 7.69.1-r3 |
Expand...http://seclists.org/fulldisclosure/2021/Apr/50
http://seclists.org/fulldisclosure/2021/Apr/51
http://seclists.org/fulldisclosure/2021/Apr/54
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
https://curl.se/docs/CVE-2020-8286.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://hackerone.com/reports/1048457
https://linux.oracle.com/cve/CVE-2020-8286.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com/security-alerts/cpuApr2021.html
| | libcurl | CVE-2021-22901 | HIGH | 7.69.1-r0 | 7.77.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22901.html
https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
https://hackerone.com/reports/1180380
https://security.netapp.com/advisory/ntap-20210723-0001/
https://security.netapp.com/advisory/ntap-20210727-0007/
https://www.oracle.com//security-alerts/cpujul2021.html
| | libcurl | CVE-2021-22946 | HIGH | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22876 | MEDIUM | 7.69.1-r0 | 7.76.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22876.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876
https://hackerone.com/reports/1101882
https://linux.oracle.com/cve/CVE-2021-22876.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
https://security.gentoo.org/glsa/202105-36
https://security.netapp.com/advisory/ntap-20210521-0007/
https://ubuntu.com/security/notices/USN-4898-1
https://ubuntu.com/security/notices/USN-4903-1
| | libcurl | CVE-2021-22922 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22923 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22925 | MEDIUM | 7.69.1-r0 | 7.78.0-r0 |
Expand...http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/40
https://curl.se/docs/CVE-2021-22925.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925
https://hackerone.com/reports/1223882
https://linux.oracle.com/cve/CVE-2021-22925.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2021-22947 | MEDIUM | 7.69.1-r0 | 7.79.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://security.netapp.com/advisory/ntap-20211029-0003/
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libcurl | CVE-2020-8284 | LOW | 7.69.1-r0 | 7.74.0-r0 |
Expand...https://curl.se/docs/CVE-2020-8284.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284
https://hackerone.com/reports/1040166
https://linux.oracle.com/cve/CVE-2020-8284.html
https://linux.oracle.com/errata/ELSA-2021-1610.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
https://ubuntu.com/security/notices/USN-4665-1
https://ubuntu.com/security/notices/USN-4665-2
https://www.debian.org/security/2021/dsa-4881
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
| | libcurl | CVE-2021-22890 | LOW | 7.69.1-r0 | 7.76.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22890.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890
https://hackerone.com/reports/1129529
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
https://security.gentoo.org/glsa/202105-36
https://security.netapp.com/advisory/ntap-20210521-0007/
https://ubuntu.com/security/notices/USN-4898-1
| | libcurl | CVE-2021-22898 | LOW | 7.69.1-r0 | 7.77.0-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
| | libcurl | CVE-2021-22924 | LOW | 7.69.1-r0 | 7.78.0-r0 |
Expand...https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libssl1.1 | CVE-2021-3711 | CRITICAL | 1.1.1g-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://security.netapp.com/advisory/ntap-20210827-0010/
https://security.netapp.com/advisory/ntap-20211022-0003/
https://ubuntu.com/security/notices/USN-5051-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2021-23840 | HIGH | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-23840.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libssl1.1 | CVE-2021-3450 | HIGH | 1.1.1g-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3450.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-08
https://www.tenable.com/security/tns-2021-09
| | libssl1.1 | CVE-2021-3712 | HIGH | 1.1.1g-r0 | 1.1.1l-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/08/26/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://linux.oracle.com/cve/CVE-2021-3712.html
https://linux.oracle.com/errata/ELSA-2022-9023.html
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
https://security.netapp.com/advisory/ntap-20210827-0010/
https://ubuntu.com/security/notices/USN-5051-1
https://ubuntu.com/security/notices/USN-5051-2
https://ubuntu.com/security/notices/USN-5051-3
https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
https://ubuntu.com/security/notices/USN-5088-1
https://www.debian.org/security/2021/dsa-4963
https://www.openssl.org/news/secadv/20210824.txt
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://www.tenable.com/security/tns-2022-02
| | libssl1.1 | CVE-2020-1971 | MEDIUM | 1.1.1g-r0 | 1.1.1i-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/09/14/2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
https://linux.oracle.com/cve/CVE-2020-1971.html
https://linux.oracle.com/errata/ELSA-2021-9150.html
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
https://security.gentoo.org/glsa/202012-13
https://security.netapp.com/advisory/ntap-20201218-0005/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://ubuntu.com/security/notices/USN-4662-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2020/dsa-4807
https://www.openssl.org/news/secadv/20201208.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libssl1.1 | CVE-2021-23841 | MEDIUM | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...http://seclists.org/fulldisclosure/2021/May/67
http://seclists.org/fulldisclosure/2021/May/68
http://seclists.org/fulldisclosure/2021/May/70
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://linux.oracle.com/cve/CVE-2021-23841.html
https://linux.oracle.com/errata/ELSA-2021-9561.html
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210219-0009/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://support.apple.com/kb/HT212528
https://support.apple.com/kb/HT212529
https://support.apple.com/kb/HT212534
https://ubuntu.com/security/notices/USN-4738-1
https://ubuntu.com/security/notices/USN-4745-1
https://www.debian.org/security/2021/dsa-4855
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-03
https://www.tenable.com/security/tns-2021-09
| | libssl1.1 | CVE-2021-3449 | MEDIUM | 1.1.1g-r0 | 1.1.1k-r0 |
Expand...http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://linux.oracle.com/cve/CVE-2021-3449.html
https://linux.oracle.com/errata/ELSA-2021-9151.html
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://ubuntu.com/security/notices/USN-4891-1
https://ubuntu.com/security/notices/USN-5038-1
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
| | libssl1.1 | CVE-2021-23839 | LOW | 1.1.1g-r0 | 1.1.1j-r0 |
Expand...https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30919ab80a478f2d81f2e9acdcca3fa4740cd547
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
https://security.netapp.com/advisory/ntap-20210219-0009/
https://www.openssl.org/news/secadv/20210216.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | musl | CVE-2020-28928 | MEDIUM | 1.1.24-r8 | 1.1.24-r10 |
Expand...http://www.openwall.com/lists/oss-security/2020/11/20/4
https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
https://musl.libc.org/releases.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | musl-utils | CVE-2020-28928 | MEDIUM | 1.1.24-r8 | 1.1.24-r10 |
Expand...http://www.openwall.com/lists/oss-security/2020/11/20/4
https://lists.apache.org/thread.html/r2134abfe847bea7795f0e53756d10a47e6643f35ab8169df8b8a9eb1@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/r90b60cf49348e515257b4950900c1bd3ab95a960cf2469d919c7264e@%3Cnotifications.apisix.apache.org%3E
https://lists.apache.org/thread.html/ra63e8dc5137d952afc55dbbfa63be83304ecf842d1eab1ff3ebb29e2@%3Cnotifications.apisix.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKQ3RVSMVZNZNO4D65W2CZZ4DMYFZN2Q/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW27QVY7ERPTSGKS4KAWE5TU7EJWHKVQ/
https://musl.libc.org/releases.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | ncurses-libs | CVE-2021-39537 | HIGH | 6.2_p20200523-r0 | 6.2_p20200523-r1 |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | ncurses-terminfo-base | CVE-2021-39537 | HIGH | 6.2_p20200523-r0 | 6.2_p20200523-r1 |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
| | sqlite-libs | CVE-2020-15358 | MEDIUM | 3.32.1-r0 | 3.32.1-r1 |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2020/Nov/19
http://seclists.org/fulldisclosure/2020/Nov/20
http://seclists.org/fulldisclosure/2020/Nov/22
http://seclists.org/fulldisclosure/2021/Feb/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358
https://linux.oracle.com/cve/CVE-2020-15358.html
https://linux.oracle.com/errata/ELSA-2021-1581.html
https://security.gentoo.org/glsa/202007-26
https://security.netapp.com/advisory/ntap-20200709-0001/
https://support.apple.com/kb/HT211843
https://support.apple.com/kb/HT211844
https://support.apple.com/kb/HT211847
https://support.apple.com/kb/HT211850
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://ubuntu.com/security/notices/USN-4438-1
https://usn.ubuntu.com/4438-1/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.sqlite.org/src/info/10fa79d00f8091e5
https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2
https://www.sqlite.org/src/tktview?name=8f157e8010
| | sqlite-libs | CVE-2021-20227 | MEDIUM | 3.32.1-r0 | 3.32.1-r1 |
Expand...https://bugzilla.redhat.com/show_bug.cgi?id=1924886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20227
https://security.gentoo.org/glsa/202103-04
https://security.netapp.com/advisory/ntap-20210423-0010/
https://ubuntu.com/security/notices/USN-4732-1
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.sqlite.org/releaselog/3_34_1.html
| | ssl_client | CVE-2021-28831 | HIGH | 1.31.1-r16 | 1.31.1-r20 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/
https://security.gentoo.org/glsa/202105-09
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42378 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42379 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42380 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42381 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42382 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42383 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
| | ssl_client | CVE-2021-42384 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42385 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42386 | HIGH | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| | ssl_client | CVE-2021-42374 | MEDIUM | 1.31.1-r16 | 1.31.1-r21 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
| **python-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | pip | CVE-2021-28363 | MEDIUM | 20.1.1 | 21.1 |
Expand...https://github.com/advisories/GHSA-5phf-pp7p-vc2r
https://github.com/pypa/advisory-db/tree/main/vulns/urllib3/PYSEC-2021-59.yaml
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15
https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0
https://github.com/urllib3/urllib3/commits/main
https://github.com/urllib3/urllib3/releases/tag/1.26.4
https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/
https://nvd.nist.gov/vuln/detail/CVE-2021-28363
https://pypi.org/project/urllib3/1.26.4/
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
| | pip | CVE-2021-3572 | MEDIUM | 20.1.1 | 21.1 |
Expand...https://access.redhat.com/errata/RHSA-2021:3254
https://bugzilla.redhat.com/show_bug.cgi?id=1962856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3572
https://github.com/advisories/GHSA-5xp3-jfq3-5q8x
https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b
https://github.com/pypa/pip/issues/10042
https://github.com/pypa/pip/issues/10042#issuecomment-857452480
https://github.com/pypa/pip/pull/9827
https://github.com/skazi0/CVE-2021-3572/blob/master/CVE-2021-3572-v9.0.1.patch
https://linux.oracle.com/cve/CVE-2021-3572.html
https://linux.oracle.com/errata/ELSA-2021-4455.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3572
https://packetstormsecurity.com/files/162712/USN-4961-1.txt
| | pip | pyup.io-42218 | UNKNOWN | 20.1.1 | 21.1 |
Expand...
| | urllib3 | CVE-2021-33503 | HIGH | 1.25.9 | 1.26.5 |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503
https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg
https://linux.oracle.com/cve/CVE-2021-33503.html
https://linux.oracle.com/errata/ELSA-2021-4162.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/
https://nvd.nist.gov/vuln/detail/CVE-2021-33503
https://security.gentoo.org/glsa/202107-36
https://www.oracle.com/security-alerts/cpuoct2021.html
|