ID

VAR-202102-1488


CVE

CVE-2021-23841


TITLE

OpenSSL Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202102-1200

DESCRIPTION

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Bugs fixed (https://bugzilla.redhat.com/): 1908036 - openssl listens on IPv4 "any" socket only not on IPv6 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1934534 - Rebase OpenSSL to 1.1.1k 1934600 - DTLS1.0 connections are allowed in DEFAULT crypto-policy [rhel-8] 1939637 - Openssl -dtls option breaks in FIPS mode[rhel8] 1940085 - FIPS_selftest() fails in FIPS mode. 1965362 - In renegotiated handshake openssl sends extensions which client didn't advertise in second ClientHello [rhel-8] 6. Package List: Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 8) - noarch 3. Description: EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). ========================================================================== Ubuntu Security Notice USN-4745-1 February 23, 2021 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in OpenSSL. (CVE-2021-23841) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm2 Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.45 After a standard system update you need to reboot your computer to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202103-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 31, 2021 Bugs: #769785, #777681 ID: 202103-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.1.1k >= 1.1.1k Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1k" References ========== [ 1 ] CVE-2021-23840 https://nvd.nist.gov/vuln/detail/CVE-2021-23840 [ 2 ] CVE-2021-23841 https://nvd.nist.gov/vuln/detail/CVE-2021-23841 [ 3 ] CVE-2021-3449 https://nvd.nist.gov/vuln/detail/CVE-2021-3449 [ 4 ] CVE-2021-3450 https://nvd.nist.gov/vuln/detail/CVE-2021-3450 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202103-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 ===================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. 2. Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds. 3. Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria. Security Fix(es): * civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304) * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) * nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801) * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * helm: information disclosure vulnerability (CVE-2021-32690) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes The release of RHACS 3.67 includes the following bug fixes: 1. Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. 2. Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed. System changes The release of RHACS 3.67 includes the following system changes: 1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. 2. The Port exposure method policy criteria now include route as an exposure method. 3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation. 4. The OpenShift Compliance Operator integration now supports using TailoredProfiles. 5. The RHACS Jenkins plugin now provides additional security information. 6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values. 7. The default uid:gid pair for the Scanner image is now 65534:65534. 8. RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes. 9. If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies. 10. In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode. 11. You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check 12. You can now use a regular expression for the deployment name while specifying policy exclusions 3. Solution: To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67. 4. Bugs fixed (https://bugzilla.redhat.com/): 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API 5. JIRA issues fixed (https://issues.jboss.org/): RHACS-65 - Release RHACS 3.67.0 6. References: https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5. Bugs fixed (https://bugzilla.redhat.com/): 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 5

Trust: 1.8

sources: NVD: CVE-2021-23841 // VULHUB: VHN-382524 // PACKETSTORM: 165296 // PACKETSTORM: 164889 // PACKETSTORM: 164890 // PACKETSTORM: 161525 // PACKETSTORM: 162041 // PACKETSTORM: 164967 // PACKETSTORM: 165129 // PACKETSTORM: 165099 // PACKETSTORM: 165002

AFFECTED PRODUCTS

vendor:oraclemodel:business intelligencescope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.9.0.0.0

Trust: 1.0

vendor:oraclemodel:business intelligencescope:eqversion:5.5.0.0.0

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.0.0.2

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.1

Trust: 1.0

vendor:oraclemodel:jd edwards world securityscope:eqversion:a9.4

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.1.2

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.12.1

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.12.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.11.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:ltversion:5.7.33

Trust: 1.0

vendor:oraclemodel:enterprise manager for storage managementscope:eqversion:13.4.0.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:ltversion:8.0.23

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:applemodel:safariscope:ltversion:14.1.1

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.1j

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:ltversion:8.0.23

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.1

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.11.1

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.13.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.15

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.3.5

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinec insscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:sinec insscope:ltversion:1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:tenablemodel:tenable.scscope:gteversion:5.13.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.2y

Trust: 1.0

vendor:tenablemodel:tenable.scscope:lteversion:5.17.0

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.15.0

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

sources: NVD: CVE-2021-23841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23841
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202102-1200
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382524
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23841
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-382524
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23841
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-382524 // CNNVD: CNNVD-202102-1200 // NVD: CVE-2021-23841

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:CWE-190

Trust: 0.1

sources: VULHUB: VHN-382524 // NVD: CVE-2021-23841

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 161525 // PACKETSTORM: 162041 // PACKETSTORM: 165129 // CNNVD: CNNVD-202102-1200

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-1200

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-382524

PATCH

title:OpenSSL Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142812

Trust: 0.6

sources: CNNVD: CNNVD-202102-1200

EXTERNAL IDS

db:NVDid:CVE-2021-23841

Trust: 2.6

db:TENABLEid:TNS-2021-03

Trust: 1.7

db:TENABLEid:TNS-2021-09

Trust: 1.7

db:PULSESECUREid:SA44846

Trust: 1.7

db:SIEMENSid:SSA-637483

Trust: 1.7

db:PACKETSTORMid:161525

Trust: 0.8

db:PACKETSTORMid:165099

Trust: 0.8

db:PACKETSTORMid:165002

Trust: 0.8

db:PACKETSTORMid:164890

Trust: 0.8

db:PACKETSTORMid:165129

Trust: 0.8

db:PACKETSTORMid:162041

Trust: 0.8

db:PACKETSTORMid:162151

Trust: 0.7

db:PACKETSTORMid:165096

Trust: 0.7

db:PACKETSTORMid:164583

Trust: 0.7

db:PACKETSTORMid:162823

Trust: 0.7

db:PACKETSTORMid:164927

Trust: 0.7

db:PACKETSTORMid:161459

Trust: 0.7

db:AUSCERTid:ESB-2021.0974

Trust: 0.6

db:AUSCERTid:ESB-2021.0616

Trust: 0.6

db:AUSCERTid:ESB-2021.0786

Trust: 0.6

db:AUSCERTid:ESB-2021.3792

Trust: 0.6

db:AUSCERTid:ESB-2021.0636

Trust: 0.6

db:AUSCERTid:ESB-2021.3375

Trust: 0.6

db:AUSCERTid:ESB-2021.4095

Trust: 0.6

db:AUSCERTid:ESB-2021.0916

Trust: 0.6

db:AUSCERTid:ESB-2021.4172

Trust: 0.6

db:AUSCERTid:ESB-2021.4104

Trust: 0.6

db:AUSCERTid:ESB-2021.3485

Trust: 0.6

db:AUSCERTid:ESB-2021.1618

Trust: 0.6

db:AUSCERTid:ESB-2021.4059

Trust: 0.6

db:AUSCERTid:ESB-2021.3499

Trust: 0.6

db:AUSCERTid:ESB-2021.4019

Trust: 0.6

db:AUSCERTid:ESB-2021.0670

Trust: 0.6

db:AUSCERTid:ESB-2021.3846

Trust: 0.6

db:AUSCERTid:ESB-2021.0958

Trust: 0.6

db:AUSCERTid:ESB-2021.0897

Trust: 0.6

db:AUSCERTid:ESB-2021.1015

Trust: 0.6

db:AUSCERTid:ESB-2021.1225

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2021.3905

Trust: 0.6

db:AUSCERTid:ESB-2021.3935

Trust: 0.6

db:AUSCERTid:ESB-2021.4254

Trust: 0.6

db:AUSCERTid:ESB-2021.0859

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:AUSCERTid:ESB-2021.0832

Trust: 0.6

db:AUSCERTid:ESB-2022.4616

Trust: 0.6

db:AUSCERTid:ESB-2021.1502

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:AUSCERTid:ESB-2021.0992

Trust: 0.6

db:PACKETSTORMid:164562

Trust: 0.6

db:PACKETSTORMid:164489

Trust: 0.6

db:PACKETSTORMid:161450

Trust: 0.6

db:CS-HELPid:SB2021041501

Trust: 0.6

db:CS-HELPid:SB2022022131

Trust: 0.6

db:CS-HELPid:SB2021120313

Trust: 0.6

db:CS-HELPid:SB2021102116

Trust: 0.6

db:CS-HELPid:SB2022071618

Trust: 0.6

db:CS-HELPid:SB2022071832

Trust: 0.6

db:CS-HELPid:SB2021051226

Trust: 0.6

db:CS-HELPid:SB2021052505

Trust: 0.6

db:CS-HELPid:SB2021101933

Trust: 0.6

db:CS-HELPid:SB2022032007

Trust: 0.6

db:CS-HELPid:SB2021052508

Trust: 0.6

db:CS-HELPid:SB2021042109

Trust: 0.6

db:CS-HELPid:SB2021111137

Trust: 0.6

db:CS-HELPid:SB2021101330

Trust: 0.6

db:CS-HELPid:SB2021111733

Trust: 0.6

db:ICS CERTid:ICSA-21-336-06

Trust: 0.6

db:ICS CERTid:ICSA-22-258-05

Trust: 0.6

db:CNNVDid:CNNVD-202102-1200

Trust: 0.6

db:PACKETSTORMid:164889

Trust: 0.2

db:PACKETSTORMid:164928

Trust: 0.1

db:PACKETSTORMid:162824

Trust: 0.1

db:PACKETSTORMid:162826

Trust: 0.1

db:VULHUBid:VHN-382524

Trust: 0.1

db:PACKETSTORMid:165296

Trust: 0.1

db:PACKETSTORMid:164967

Trust: 0.1

sources: VULHUB: VHN-382524 // PACKETSTORM: 165296 // PACKETSTORM: 164889 // PACKETSTORM: 164890 // PACKETSTORM: 161525 // PACKETSTORM: 162041 // PACKETSTORM: 164967 // PACKETSTORM: 165129 // PACKETSTORM: 165099 // PACKETSTORM: 165002 // CNNVD: CNNVD-202102-1200 // NVD: CVE-2021-23841

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202103-03

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44846

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210219-0009/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.7

url:https://support.apple.com/kb/ht212528

Trust: 1.7

url:https://support.apple.com/kb/ht212529

Trust: 1.7

url:https://support.apple.com/kb/ht212534

Trust: 1.7

url:https://www.openssl.org/news/secadv/20210216.txt

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-03

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4855

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/67

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/70

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/may/68

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 1.3

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=122a19ab48091c657f7cb1fb3af9fc07bd557bbf

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf

Trust: 0.7

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0916

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0958

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022131

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0832

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0636

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3792

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1015

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerabilities-affect-messagegateway-cve-2021-23841-cve-2021-23840/

Trust: 0.6

url:https://packetstormsecurity.com/files/164890/red-hat-security-advisory-2021-4198-03.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071618

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-openssl-vulnerabilities/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120313

Trust: 0.6

url:https://packetstormsecurity.com/files/161525/ubuntu-security-notice-usn-4745-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1618

Trust: 0.6

url:https://packetstormsecurity.com/files/162823/apple-security-advisory-2021-05-25-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht212529

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4616

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6486335

Trust: 0.6

url:https://vigilance.fr/vulnerability/openssl-null-pointer-dereference-via-x509-issuer-and-serial-hash-34598

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4059

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3485

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042109

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4254

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05

Trust: 0.6

url:https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-23840-and-cve-2021-23841/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111137

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0859

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/

Trust: 0.6

url:https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-connectdirect-for-hp-nonstop/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051226

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0897

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0974

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6487493

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3846

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1502

Trust: 0.6

url:https://support.apple.com/en-us/ht212534

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1225

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4019

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0616

Trust: 0.6

url:https://packetstormsecurity.com/files/161459/ubuntu-security-notice-usn-4738-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111733

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041501

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-affected-by-multiple-vulnerabilities-in-openssl-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3375

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4104

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101933

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6479349

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3499

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032007

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052508

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101330

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052505

Trust: 0.6

url:https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071832

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-5/

Trust: 0.6

url:https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2020-1971-cve-2021-23839-cve-2021-23840-cve-2021-23841-cve-2021-23839-cve-2021-23840-cve-2021-23841/

Trust: 0.6

url:https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3935

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0786

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6507581

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161450/openssl-toolkit-1.1.1j.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0670

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0992

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2020-1971-cve-2021-23840-cve-2021-23841-2/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6490371

Trust: 0.6

url:https://packetstormsecurity.com/files/164489/red-hat-security-advisory-2021-3798-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102116

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24504

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20239

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36158

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3635

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20284

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36386

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3348

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26140

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3487

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26146

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31440

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3732

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0129

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24502

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23133

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26144

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3679

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36312

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29368

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24588

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29646

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29660

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26139

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14615

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3600

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20194

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26147

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24503

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24502

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31829

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26141

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24587

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24503

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3659

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5137

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4424

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4198

Trust: 0.1

url:https://usn.ubuntu.com/4745-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33194

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4902

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3757

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4848

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3620

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23369

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4032

Trust: 0.1

sources: VULHUB: VHN-382524 // PACKETSTORM: 165296 // PACKETSTORM: 164889 // PACKETSTORM: 164890 // PACKETSTORM: 161525 // PACKETSTORM: 162041 // PACKETSTORM: 164967 // PACKETSTORM: 165129 // PACKETSTORM: 165099 // PACKETSTORM: 165002 // CNNVD: CNNVD-202102-1200 // NVD: CVE-2021-23841

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 165296 // PACKETSTORM: 164889 // PACKETSTORM: 164890 // PACKETSTORM: 164967 // PACKETSTORM: 165129 // PACKETSTORM: 165099 // PACKETSTORM: 165002 // CNNVD: CNNVD-202102-1200

SOURCES

db:VULHUBid:VHN-382524
db:PACKETSTORMid:165296
db:PACKETSTORMid:164889
db:PACKETSTORMid:164890
db:PACKETSTORMid:161525
db:PACKETSTORMid:162041
db:PACKETSTORMid:164967
db:PACKETSTORMid:165129
db:PACKETSTORMid:165099
db:PACKETSTORMid:165002
db:CNNVDid:CNNVD-202102-1200
db:NVDid:CVE-2021-23841

LAST UPDATE DATE

2026-07-13T22:08:04.408000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-382524date:2023-01-09T00:00:00
db:CNNVDid:CNNVD-202102-1200date:2022-09-19T00:00:00
db:NVDid:CVE-2021-23841date:2026-06-17T03:38:54.823

SOURCES RELEASE DATE

db:VULHUBid:VHN-382524date:2021-02-16T00:00:00
db:PACKETSTORMid:165296date:2021-12-15T15:27:05
db:PACKETSTORMid:164889date:2021-11-10T17:13:10
db:PACKETSTORMid:164890date:2021-11-10T17:13:18
db:PACKETSTORMid:161525date:2021-02-24T14:50:51
db:PACKETSTORMid:162041date:2021-03-31T14:36:01
db:PACKETSTORMid:164967date:2021-11-15T17:25:56
db:PACKETSTORMid:165129date:2021-12-02T16:06:16
db:PACKETSTORMid:165099date:2021-11-30T14:44:48
db:PACKETSTORMid:165002date:2021-11-17T15:25:40
db:CNNVDid:CNNVD-202102-1200date:2021-02-16T00:00:00
db:NVDid:CVE-2021-23841date:2021-02-16T17:15:13.377