ID

VAR-202103-1464


CVE

CVE-2021-3449


TITLE

OpenSSL Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

DESCRIPTION

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary: Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483) * Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307) * Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106) * Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) * Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) * Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049) * Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573) * Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983) All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 5. Security Fix(es): * jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718) * jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719) * jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360) * jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361) * jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190) * jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720) * jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security Fix(es): * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * go-slug: partial protection against zip slip attacks (CVE-2020-29529) * nodejs-lodash: command injection via template (CVE-2021-23337) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778) 3. Bugs fixed (https://bugzilla.redhat.com/): 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1936528 - Documentation is referencing deprecated API for Service Export - Submariner 1936642 - Importing of cluster fails due to error/typo in generated command 1938215 - RHACM 2.2.2 images 1941778 - 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 5. ========================================================================== Ubuntu Security Notice USN-5038-1 August 12, 2021 postgresql-10, postgresql-12, postgresql-13 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in PostgreSQL. Software Description: - postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database Details: It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. (CVE-2021-3677) It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: postgresql-13 13.4-0ubuntu0.21.04.1 Ubuntu 20.04 LTS: postgresql-12 12.8-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: postgresql-10 10.18-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes

Trust: 1.44

sources: NVD: CVE-2021-3449 // VULHUB: VHN-388130 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 162350 // PACKETSTORM: 162151 // PACKETSTORM: 163815

AFFECTED PRODUCTS

vendor:oraclemodel:graalvmscope:eqversion:20.3.1.2

Trust: 1.0

vendor:oraclemodel:mysql workbenchscope:lteversion:8.0.23

Trust: 1.0

vendor:siemensmodel:simatic cloud connect 7scope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud volumes ontap mediatorscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic net cp 1543sp-1scope:gteversion:2.1

Trust: 1.0

vendor:siemensmodel:simatic pdmscope:gteversion:9.1.0.7

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.12.1

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:sonicwallmodel:sma100scope:gteversion:10.2.0.0

Trust: 1.0

vendor:checkpointmodel:multi-domain managementscope:eqversion:r80.40

Trust: 1.0

vendor:siemensmodel:scalance s627-2mscope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:scalance xp-200scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:simatic process historian opc ua serverscope:gteversion:2019

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:siemensmodel:simatic cp 1242-7 gprs v2scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jd edwards world securityscope:eqversion:a9.4

Trust: 1.0

vendor:siemensmodel:scalance xr524-8cscope:ltversion:6.4

Trust: 1.0

vendor:tenablemodel:tenable.scscope:gteversion:5.13.0

Trust: 1.0

vendor:siemensmodel:simatic rf188ciscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic net cp 1243-1scope:gteversion:3.1

Trust: 1.0

vendor:siemensmodel:simatic rf185cscope:eqversion:*

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.13.0

Trust: 1.0

vendor:oraclemodel:mysql connectorsscope:lteversion:8.0.23

Trust: 1.0

vendor:siemensmodel:simatic net cp 1543-1scope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:ltversion:2.2

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.6

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.24.0

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:5.7.33

Trust: 1.0

vendor:siemensmodel:scalance xr-300wgscope:ltversion:4.3

Trust: 1.0

vendor:sonicwallmodel:sma100scope:ltversion:10.2.1.0-17sv

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1217cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics connect 300scope:eqversion:*

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:12.12.0

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.11.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:siemensmodel:scalance xm-400scope:ltversion:6.4

Trust: 1.0

vendor:siemensmodel:simatic net cp1243-7 lte euscope:gteversion:3.1

Trust: 1.0

vendor:checkpointmodel:quantum security gatewayscope:eqversion:r81

Trust: 1.0

vendor:oraclemodel:communications communications policy managementscope:eqversion:12.6.0.0.0

Trust: 1.0

vendor:siemensmodel:simatic rf360rscope:eqversion:*

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panelsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance s615scope:gteversion:6.2

Trust: 1.0

vendor:oraclemodel:mysql serverscope:gteversion:8.0.15

Trust: 1.0

vendor:siemensmodel:simatic mv500scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212fcscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinec pniscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xf-200bascope:ltversion:4.3

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.12.0

Trust: 1.0

vendor:siemensmodel:simatic rf188cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:*

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:eqversion:*

Trust: 1.0

vendor:tenablemodel:nessusscope:lteversion:8.13.1

Trust: 1.0

vendor:oraclemodel:enterprise manager for storage managementscope:eqversion:13.4.0.0

Trust: 1.0

vendor:checkpointmodel:multi-domain managementscope:eqversion:r81

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:siemensmodel:simatic hmi basic panels 2nd generationscope:eqversion:*

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:siemensmodel:scalance w700scope:gteversion:6.5

Trust: 1.0

vendor:netappmodel:e-series performance analyzerscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xr552-12scope:ltversion:6.4

Trust: 1.0

vendor:siemensmodel:simatic net cp1243-7 lte usscope:gteversion:3.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:19.3.5

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:14.14.0

Trust: 1.0

vendor:tenablemodel:tenable.scscope:lteversion:5.17.0

Trust: 1.0

vendor:mcafeemodel:web gateway cloud servicescope:eqversion:10.1.1

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.1.1k

Trust: 1.0

vendor:siemensmodel:simatic rf166cscope:eqversion:*

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:scalance xc-200scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215cscope:eqversion:*

Trust: 1.0

vendor:checkpointmodel:quantum security managementscope:eqversion:r80.40

Trust: 1.0

vendor:siemensmodel:scalance xr526-8cscope:ltversion:6.4

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:15.14.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dp mfpscope:eqversion:*

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:mcafeemodel:web gateway cloud servicescope:eqversion:9.2.10

Trust: 1.0

vendor:siemensmodel:tim 1531 ircscope:gteversion:2.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.0.0.2

Trust: 1.0

vendor:oraclemodel:secure backupscope:ltversion:18.1.0.1.0

Trust: 1.0

vendor:tenablemodel:nessus network monitorscope:eqversion:5.11.0

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:siemensmodel:scalance sc-600scope:gteversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7 telecontrolscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1215 fcscope:eqversion:*

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:12.22.1

Trust: 1.0

vendor:siemensmodel:simatic rf186ciscope:eqversion:*

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:10.1.1

Trust: 1.0

vendor:siemensmodel:simatic net cp 1542sp-1 ircscope:gteversion:2.1

Trust: 1.0

vendor:sonicwallmodel:capture clientscope:eqversion:3.5

Trust: 1.0

vendor:siemensmodel:simatic logonscope:gteversion:1.6.0.2

Trust: 1.0

vendor:siemensmodel:simatic wincc telecontrolscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:7.0.1.0

Trust: 1.0

vendor:oraclemodel:jd edwards enterpriseone toolsscope:ltversion:9.2.6.0

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic pcs neoscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance s623scope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:scalance lpe9403scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214 fcscope:eqversion:*

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:tenablemodel:log correlation enginescope:ltversion:6.0.9

Trust: 1.0

vendor:siemensmodel:scalance m-800scope:gteversion:6.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:eqversion:*

Trust: 1.0

vendor:mcafeemodel:web gateway cloud servicescope:eqversion:8.2.19

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:9.2.10

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:14.16.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panelsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:scalance s612scope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:eqversion:*

Trust: 1.0

vendor:netappmodel:santricity smi-s providerscope:eqversion: -

Trust: 1.0

vendor:checkpointmodel:quantum security managementscope:eqversion:r81

Trust: 1.0

vendor:siemensmodel:scalance xr528-6mscope:ltversion:6.4

Trust: 1.0

vendor:siemensmodel:tia administratorscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinec nmsscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:simatic logonscope:eqversion:1.5

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:12.2

Trust: 1.0

vendor:siemensmodel:sinumerik opc ua serverscope:eqversion:*

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.23

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb-200scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:scalance s602scope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:ruggedcom rcm1224scope:gteversion:6.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.13.0

Trust: 1.0

vendor:siemensmodel:simatic cp 1242-7 gprs v2scope:gteversion:3.1

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:8.2.19

Trust: 1.0

vendor:checkpointmodel:quantum security gatewayscope:eqversion:r80.40

Trust: 1.0

vendor:siemensmodel:simatic net cp 1545-1scope:gteversion:1.0

Trust: 1.0

vendor:siemensmodel:simatic cloud connect 7scope:gteversion:1.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:15.0.0

Trust: 1.0

vendor:siemensmodel:simatic net cp 1243-8 ircscope:gteversion:3.1

Trust: 1.0

vendor:siemensmodel:scalance w1700scope:gteversion:2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.15.0

Trust: 1.0

vendor:siemensmodel:simatic net cp 1543-1scope:gteversion:2.2

Trust: 1.0

sources: NVD: CVE-2021-3449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3449
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-1458
value: MEDIUM

Trust: 0.6

VULHUB: VHN-388130
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-3449
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-388130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-3449
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-388130 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

sources: VULHUB: VHN-388130 // NVD: CVE-2021-3449

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 163815 // CNNVD: CNNVD-202103-1458

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

PATCH

title:OpenSSL Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146029

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

EXTERNAL IDS

db:NVDid:CVE-2021-3449

Trust: 2.2

db:TENABLEid:TNS-2021-06

Trust: 1.7

db:TENABLEid:TNS-2021-09

Trust: 1.7

db:TENABLEid:TNS-2021-05

Trust: 1.7

db:TENABLEid:TNS-2021-10

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/28/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/27/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/28/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/27/1

Trust: 1.7

db:SIEMENSid:SSA-772220

Trust: 1.7

db:SIEMENSid:SSA-389290

Trust: 1.7

db:PULSESECUREid:SA44845

Trust: 1.7

db:MCAFEEid:SB10356

Trust: 1.7

db:PACKETSTORMid:162350

Trust: 0.8

db:PACKETSTORMid:162151

Trust: 0.8

db:PACKETSTORMid:162114

Trust: 0.7

db:PACKETSTORMid:162076

Trust: 0.7

db:PACKETSTORMid:163257

Trust: 0.7

db:PACKETSTORMid:162041

Trust: 0.7

db:PACKETSTORMid:162013

Trust: 0.7

db:PACKETSTORMid:162383

Trust: 0.7

db:PACKETSTORMid:162699

Trust: 0.7

db:PACKETSTORMid:162337

Trust: 0.7

db:PACKETSTORMid:162196

Trust: 0.7

db:PACKETSTORMid:162172

Trust: 0.7

db:PACKETSTORMid:162307

Trust: 0.7

db:PACKETSTORMid:163815

Trust: 0.7

db:AUSCERTid:ESB-2021.1406

Trust: 0.6

db:AUSCERTid:ESB-2021.2160

Trust: 0.6

db:AUSCERTid:ESB-2021.2751

Trust: 0.6

db:AUSCERTid:ESB-2021.2259.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.1618

Trust: 0.6

db:AUSCERTid:ESB-2021.1180

Trust: 0.6

db:AUSCERTid:ESB-2021.1378

Trust: 0.6

db:AUSCERTid:ESB-2021.1120

Trust: 0.6

db:AUSCERTid:ESB-2021.4083

Trust: 0.6

db:AUSCERTid:ESB-2021.2934

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2021.1445

Trust: 0.6

db:AUSCERTid:ESB-2021.4104

Trust: 0.6

db:AUSCERTid:ESB-2021.1916

Trust: 0.6

db:AUSCERTid:ESB-2021.1127

Trust: 0.6

db:AUSCERTid:ESB-2021.2408

Trust: 0.6

db:AUSCERTid:ESB-2022.1714

Trust: 0.6

db:AUSCERTid:ESB-2021.1293

Trust: 0.6

db:AUSCERTid:ESB-2021.1727

Trust: 0.6

db:AUSCERTid:ESB-2021.1225

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.1082.2

Trust: 0.6

db:AUSCERTid:ESB-2021.1075

Trust: 0.6

db:AUSCERTid:ESB-2021.1757

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:CS-HELPid:SB2021051226

Trust: 0.6

db:CS-HELPid:SB2021050609

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021101260

Trust: 0.6

db:CS-HELPid:SB2021071904

Trust: 0.6

db:CS-HELPid:SB2022060315

Trust: 0.6

db:CS-HELPid:SB2021060504

Trust: 0.6

db:CS-HELPid:SB2021120313

Trust: 0.6

db:CS-HELPid:SB2021042502

Trust: 0.6

db:CS-HELPid:SB2021052216

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2022011038

Trust: 0.6

db:ICS CERTid:ICSA-21-336-06

Trust: 0.6

db:LENOVOid:LEN-60182

Trust: 0.6

db:CNNVDid:CNNVD-202103-1458

Trust: 0.6

db:PACKETSTORMid:162197

Trust: 0.1

db:PACKETSTORMid:162183

Trust: 0.1

db:PACKETSTORMid:162189

Trust: 0.1

db:PACKETSTORMid:161984

Trust: 0.1

db:PACKETSTORMid:162201

Trust: 0.1

db:PACKETSTORMid:162200

Trust: 0.1

db:SEEBUGid:SSVID-99170

Trust: 0.1

db:VULHUBid:VHN-388130

Trust: 0.1

db:PACKETSTORMid:163209

Trust: 0.1

db:PACKETSTORMid:163276

Trust: 0.1

sources: VULHUB: VHN-388130 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 162350 // PACKETSTORM: 162151 // PACKETSTORM: 163815 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845

Trust: 1.7

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210326-0006/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.7

url:https://www.openssl.org/news/secadv/20210325.txt

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-05

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-06

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4875

Trust: 1.7

url:https://security.gentoo.org/glsa/202103-03

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/27/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/27/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/28/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/28/4

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10356

Trust: 1.6

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/

Trust: 0.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1939664

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052216

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1127

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1445

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1727

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1406

Trust: 0.6

url:https://packetstormsecurity.com/files/162172/red-hat-security-advisory-2021-1189-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2934

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1378

Trust: 0.6

url:https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-3449

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1293

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120313

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-used-by-ibm-b-type-san-directors-and-switches-5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4083

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520674

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1618

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6491127

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060504

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/

Trust: 0.6

url:https://packetstormsecurity.com/files/162307/red-hat-security-advisory-2021-1338-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162699/red-hat-security-advisory-2021-2041-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042502

Trust: 0.6

url:https://packetstormsecurity.com/files/162013/red-hat-security-advisory-2021-1024-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2751

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6523070

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1714

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-openssl-vulnerability-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1180

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2259.2

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/

Trust: 0.6

url:https://packetstormsecurity.com/files/163257/red-hat-security-advisory-2021-2130-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-60182

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051226

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1225

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071904

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4104

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1075

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1082.2

Trust: 0.6

url:https://packetstormsecurity.com/files/162114/red-hat-security-advisory-2021-1131-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163815/ubuntu-security-notice-usn-5038-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-potential-dos-in-ibm-datapower-gateway/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050609

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2160

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1916

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101260

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://packetstormsecurity.com/files/162196/red-hat-security-advisory-2021-1199-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2408

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1757

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1120

Trust: 0.6

url:https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2021-3449/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011038

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/

Trust: 0.6

url:https://packetstormsecurity.com/files/162076/red-hat-security-advisory-2021-1063-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2021-3449/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10356

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2479

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3139

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25678

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36188

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14718

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20190

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35490

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35490

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36186

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36179

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36186

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36187

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36189

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1230

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20190

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2021:1232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35728

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14379

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29529

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27363

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29529

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28374

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26708

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5038-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3677

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-10/10.18-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-12/12.8-0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-13/13.4-0ubuntu0.21.04.1

Trust: 0.1

sources: VULHUB: VHN-388130 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 162350 // PACKETSTORM: 162151 // PACKETSTORM: 163815 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 162350 // PACKETSTORM: 162151 // CNNVD: CNNVD-202103-1458

SOURCES

db:VULHUBid:VHN-388130
db:PACKETSTORMid:163209
db:PACKETSTORMid:163276
db:PACKETSTORMid:162350
db:PACKETSTORMid:162151
db:PACKETSTORMid:163815
db:CNNVDid:CNNVD-202103-1458
db:NVDid:CVE-2021-3449

LAST UPDATE DATE

2025-04-25T00:54:51.942000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-388130date:2022-08-29T00:00:00
db:CNNVDid:CNNVD-202103-1458date:2022-07-26T00:00:00
db:NVDid:CVE-2021-3449date:2024-11-21T06:21:33.050

SOURCES RELEASE DATE

db:VULHUBid:VHN-388130date:2021-03-25T00:00:00
db:PACKETSTORMid:163209date:2021-06-17T18:34:10
db:PACKETSTORMid:163276date:2021-06-24T17:54:53
db:PACKETSTORMid:162350date:2021-04-27T15:37:46
db:PACKETSTORMid:162151date:2021-04-13T15:38:30
db:PACKETSTORMid:163815date:2021-08-13T14:20:11
db:CNNVDid:CNNVD-202103-1458date:2021-03-25T00:00:00
db:NVDid:CVE-2021-3449date:2021-03-25T15:15:13.450