ID

VAR-202103-1464


CVE

CVE-2021-3449


TITLE

OpenSSL Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

DESCRIPTION

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc.

=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Advanced Cluster Management for Kubernetes version 2.3
Advisory ID: RHSA-2021:3016-01
Product: Red Hat ACM
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3016
Issue date: 2021-08-05
CVE Names:
CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858
CVE-2019-2708 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627
CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454
CVE-2019-20934 CVE-2019-25013 CVE-2020-1730 CVE-2020-8231
CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927
CVE-2020-11668 CVE-2020-13434 CVE-2020-15358 CVE-2020-27618
CVE-2020-28196 CVE-2020-28469 CVE-2020-28500 CVE-2020-28851
CVE-2020-28852 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
CVE-2021-3326 CVE-2021-3377 CVE-2021-3449 CVE-2021-3450
CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520
CVE-2021-3537 CVE-2021-3541 CVE-2021-3560 CVE-2021-20271
CVE-2021-20305 CVE-2021-21272 CVE-2021-21309 CVE-2021-21321
CVE-2021-21322 CVE-2021-23337 CVE-2021-23343 CVE-2021-23346
CVE-2021-23362 CVE-2021-23364 CVE-2021-23368 CVE-2021-23369
CVE-2021-23382 CVE-2021-23383 CVE-2021-23839 CVE-2021-23840
CVE-2021-23841 CVE-2021-25217 CVE-2021-27219 CVE-2021-27292
CVE-2021-27358 CVE-2021-28092 CVE-2021-28918 CVE-2021-29418
CVE-2021-29477 CVE-2021-29478 CVE-2021-29482 CVE-2021-32399
CVE-2021-33033 CVE-2021-33034 CVE-2021-33502 CVE-2021-33623
CVE-2021-33909 CVE-2021-33910
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 General Availability release images, which fix several bugs and security issues.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

2. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.
See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security:

* fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
* fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
* redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
* redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
* nodejs-lodash: command injection via template (CVE-2021-23337)
* nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
* grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bugs:

* RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
* cluster became offline after apiserver health check (BZ# 1942589)

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

4. Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
1913444 - RFE Make the source code for the endpoint-metrics-operator public
1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull
1927520 - RHACM 2.3.0 images
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms
1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization
1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application
1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header
1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call
1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS
1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service
1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service
1942589 - cluster became offline after apiserver health check
1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character
1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data
1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option
1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing
1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js
1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service
1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)
1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command
1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets
1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs
1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method
1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions
1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id
1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

5. References:

https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2018-1000858
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20934
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-11668
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-28469
https://access.redhat.com/security/cve/CVE-2020-28500
https://access.redhat.com/security/cve/CVE-2020-28851
https://access.redhat.com/security/cve/CVE-2020-28852
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3377
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2021-3560
https://access.redhat.com/security/cve/CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-21272
https://access.redhat.com/security/cve/CVE-2021-21309
https://access.redhat.com/security/cve/CVE-2021-21321
https://access.redhat.com/security/cve/CVE-2021-21322
https://access.redhat.com/security/cve/CVE-2021-23337
https://access.redhat.com/security/cve/CVE-2021-23343
https://access.redhat.com/security/cve/CVE-2021-23346
https://access.redhat.com/security/cve/CVE-2021-23362
https://access.redhat.com/security/cve/CVE-2021-23364
https://access.redhat.com/security/cve/CVE-2021-23368
https://access.redhat.com/security/cve/CVE-2021-23369
https://access.redhat.com/security/cve/CVE-2021-23382
https://access.redhat.com/security/cve/CVE-2021-23383
https://access.redhat.com/security/cve/CVE-2021-23839
https://access.redhat.com/security/cve/CVE-2021-23840
https://access.redhat.com/security/cve/CVE-2021-23841
https://access.redhat.com/security/cve/CVE-2021-25217
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/cve/CVE-2021-27292
https://access.redhat.com/security/cve/CVE-2021-27358
https://access.redhat.com/security/cve/CVE-2021-28092
https://access.redhat.com/security/cve/CVE-2021-28918
https://access.redhat.com/security/cve/CVE-2021-29418
https://access.redhat.com/security/cve/CVE-2021-29477
https://access.redhat.com/security/cve/CVE-2021-29478
https://access.redhat.com/security/cve/CVE-2021-29482
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/cve/CVE-2021-33033
https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33502
https://access.redhat.com/security/cve/CVE-2021-33623
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/cve/CVE-2021-33910
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

OpenSSL Security Advisory [25 March 2021]
=========================================

CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
========================================================================

Severity: High

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default.

Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check.
An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.

If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application.

In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.

This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was developed by Tomáš Mráz.

This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was developed by Peter Kästle and Samuel Sapalski from Nokia.

Note
====

OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html

OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.

References
==========

URL for this Security Advisory: https://www.openssl.org/news/secadv/20210325.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

JIRA issues fixed (https://issues.jboss.org/):

TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

Bug Fix(es):

* Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)
* Importing of cluster fails due to error/typo in generated command (BZ#1936642)
* RHACM 2.2.2 images (BZ#1938215)
* 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202103-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: March 31, 2021
Bugs: #769785, #777681
ID: 202103-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition.

Background
==========

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl            < 1.1.1k                   >= 1.1.1k

Description
===========

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.1.1k"

References
==========

[ 1 ] CVE-2021-23840
      https://nvd.nist.gov/vuln/detail/CVE-2021-23840
[ 2 ] CVE-2021-23841
      https://nvd.nist.gov/vuln/detail/CVE-2021-23841
[ 3 ] CVE-2021-3449
      https://nvd.nist.gov/vuln/detail/CVE-2021-3449
[ 4 ] CVE-2021-3450
      https://nvd.nist.gov/vuln/detail/CVE-2021-3450

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202103-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-5038-1
August 12, 2021

postgresql-10, postgresql-12, postgresql-13 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:

- postgresql-13: Object-relational SQL database
- postgresql-12: Object-relational SQL database
- postgresql-10: Object-relational SQL database

Details:

It was discovered that the PostgreSQL planner could create incorrect plans in certain circumstances.
A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. (CVE-2021-3677)

It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  postgresql-13    13.4-0ubuntu0.21.04.1

Ubuntu 20.04 LTS:
  postgresql-12    12.8-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  postgresql-10    10.18-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

Description:

Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator.

Security Fix(es):

* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1983651 - Release of OpenShift Serverless Serving 1.17.0
1983654 - Release of OpenShift Serverless Eventing 1.17.0
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

Trust: 1.8

sources: NVD: CVE-2021-3449 // VULHUB: VHN-388130 // PACKETSTORM: 163747 // PACKETSTORM: 169659 // PACKETSTORM: 162694 // PACKETSTORM: 163267 // PACKETSTORM: 162151 // PACKETSTORM: 162307 // PACKETSTORM: 162041 // PACKETSTORM: 163815 // PACKETSTORM: 164192

AFFECTED PRODUCTS

vendor: oracle | model: graalvm | scope: eq | version: 20.3.1.2

Trust: 1.0

vendor: oracle | model: mysql workbench | scope: lte | version: 8.0.23

Trust: 1.0

vendor: siemens | model: simatic cloud connect 7 | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: cloud volumes ontap mediator | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: simatic net cp 1543sp-1 | scope: gte | version: 2.1

Trust: 1.0

vendor: siemens | model: simatic pdm | scope: gte | version: 9.1.0.7

Trust: 1.0

vendor: tenable | model: nessus network monitor | scope: eq | version: 5.12.1

Trust: 1.0

vendor: oracle | model: essbase | scope: eq | version: 21.2

Trust: 1.0

vendor: sonicwall | model: sma100 | scope: gte | version: 10.2.0.0

Trust: 1.0

vendor: checkpoint | model: multi-domain management | scope: eq | version: r80.40

Trust: 1.0

vendor: siemens | model: scalance s627-2m | scope: gte | version: 4.1

Trust: 1.0

vendor: siemens | model: scalance xp-200 | scope: lt | version: 4.3

Trust: 1.0

vendor: siemens | model: simatic process historian opc ua server | scope: gte | version: 2019

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 10.0.0

Trust: 1.0

vendor: siemens | model: simatic cp 1242-7 gprs v2 | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: jd edwards world security | scope: eq | version: a9.4

Trust: 1.0

vendor: siemens | model: scalance xr524-8c | scope: lt | version: 6.4

Trust: 1.0

vendor: tenable | model: tenable.sc | scope: gte | version: 5.13.0

Trust: 1.0

vendor: siemens | model: simatic rf188ci | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic net cp 1243-1 | scope: gte | version: 3.1

Trust: 1.0

vendor: siemens | model: simatic rf185c | scope: eq | version: *

Trust: 1.0

vendor: netapp | model: snapcenter | scope: eq | version: -

Trust: 1.0

vendor: tenable | model: nessus network monitor | scope: eq | version: 5.13.0

Trust: 1.0

vendor: oracle | model: mysql connectors | scope: lte | version: 8.0.23

Trust: 1.0

vendor: siemens | model: simatic net cp 1543-1 | scope: lt | version: 3.0

Trust: 1.0

vendor: siemens | model: tim 1531 irc | scope: lt | version: 2.2

Trust: 1.0

vendor: oracle | model: secure global desktop | scope: eq | version: 5.6

Trust: 1.0

vendor: nodejs | model: node.js | scope: lte | version: 10.24.0

Trust: 1.0

vendor: oracle | model: mysql server | scope: lte | version: 5.7.33

Trust: 1.0

vendor: siemens | model: scalance xr-300wg | scope: lt | version: 4.3

Trust: 1.0

vendor: sonicwall | model: sma100 | scope: lt | version: 10.2.1.0-17sv

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1217c | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: sinamics connect 300 | scope: eq | version: *

Trust: 1.0

vendor: nodejs | model: node.js | scope: lte | version: 12.12.0

Trust: 1.0

vendor: tenable | model: nessus network monitor | scope: eq | version: 5.11.1

Trust: 1.0

vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.58

Trust: 1.0

vendor: siemens | model: scalance xm-400 | scope: lt | version: 6.4

Trust: 1.0

vendor: siemens | model: simatic net cp1243-7 lte eu | scope: gte | version: 3.1

Trust: 1.0

vendor: checkpoint | model: quantum security gateway | scope: eq | version: r81

Trust: 1.0

vendor: oracle | model: communications communications policy management | scope: eq | version: 12.6.0.0.0

Trust: 1.0

vendor: siemens | model: simatic rf360r | scope: eq | version: *

Trust: 1.0

vendor: netapp | model: oncommand workflow automation | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: simatic hmi comfort outdoor panels | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1214c | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: scalance s615 | scope: gte | version: 6.2

Trust: 1.0

vendor: oracle | model: mysql server | scope: gte | version: 8.0.15

Trust: 1.0

vendor: siemens | model: simatic mv500 | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1212fc | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: sinec pni | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: scalance xf-200ba | scope: lt | version: 4.3

Trust: 1.0

vendor: tenable | model: nessus network monitor | scope: eq | version: 5.12.0

Trust: 1.0

vendor: siemens | model: simatic rf188c | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic wincc runtime advanced | scope: eq | version: *

Trust: 1.0

vendor: oracle | model: zfs storage appliance kit | scope: eq | version: 8.8

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1211c | scope: eq | version: *

Trust: 1.0

vendor: tenable | model: nessus | scope: lte | version: 8.13.1

Trust: 1.0

vendor: oracle | model: enterprise manager for storage management | scope: eq | version: 13.4.0.0

Trust: 1.0

vendor: checkpoint | model: multi-domain management | scope: eq | version: r81

Trust: 1.0

vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.59

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: gte | version: 17.7

Trust: 1.0

vendor: siemens | model: simatic hmi basic panels 2nd generation | scope: eq | version: *

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 19.12

Trust: 1.0

vendor: siemens | model: scalance w700 | scope: gte | version: 6.5

Trust: 1.0

vendor: netapp | model: e-series performance analyzer | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: scalance xr552-12 | scope: lt | version: 6.4

Trust: 1.0

vendor: siemens | model: simatic net cp1243-7 lte us | scope: gte | version: 3.1

Trust: 1.0

vendor: nodejs | model: node.js | scope: gte | version: 12.0.0

Trust: 1.0

vendor: openssl | model: openssl | scope: gte | version: 1.1.1

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 34

Trust: 1.0

vendor: oracle | model: graalvm | scope: eq | version: 19.3.5

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 20.12

Trust: 1.0

vendor: nodejs | model: node.js | scope: lte | version: 14.14.0

Trust: 1.0

vendor: tenable | model: tenable.sc | scope: lte | version: 5.17.0

Trust: 1.0

vendor: mcafee | model: web gateway cloud service | scope: eq | version: 10.1.1

Trust: 1.0

vendor: openssl | model: openssl | scope: lt | version: 1.1.1k

Trust: 1.0

vendor: siemens | model: simatic rf166c | scope: eq | version: *

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: siemens | model: scalance xc-200 | scope: lt | version: 4.3

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1215c | scope: eq | version: *

Trust: 1.0

vendor: checkpoint | model: quantum security management | scope: eq | version: r80.40

Trust: 1.0

vendor: siemens | model: scalance xr526-8c | scope: lt | version: 6.4

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 15.14.0

Trust: 1.0

vendor: siemens | model: simatic s7-1500 cpu 1518-4 pn/dp mfp | scope: eq | version: *

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: mcafee | model: web gateway cloud service | scope: eq | version: 9.2.10

Trust: 1.0

vendor: siemens | model: tim 1531 irc | scope: gte | version: 2.0

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: lte | version: 17.12

Trust: 1.0

vendor: siemens | model: sinec infrastructure network services | scope: lt | version: 1.0.1.1

Trust: 1.0

vendor: oracle | model: graalvm | scope: eq | version: 21.0.0.2

Trust: 1.0

vendor: oracle | model: secure backup | scope: lt | version: 18.1.0.1.0

Trust: 1.0

vendor: tenable | model: nessus network monitor | scope: eq | version: 5.11.0

Trust: 1.0

vendor: netapp | model: storagegrid | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.57

Trust: 1.0

vendor: siemens | model: scalance sc-600 | scope: gte | version: 2.0

Trust: 1.0

vendor: siemens | model: simatic pcs 7 telecontrol | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1215 fc | scope: eq | version: *

Trust: 1.0

vendor: nodejs | model: node.js | scope: lt | version: 12.22.1

Trust: 1.0

vendor: siemens | model: simatic rf186ci | scope: eq | version: *

Trust: 1.0

vendor: mcafee | model: web gateway | scope: eq | version: 10.1.1

Trust: 1.0

vendor: siemens | model: simatic net cp 1542sp-1 irc | scope: gte | version: 2.1

Trust: 1.0

vendor: sonicwall | model: capture client | scope: eq | version: 3.5

Trust: 1.0

vendor: siemens | model: simatic logon | scope: gte | version: 1.6.0.2

Trust: 1.0

vendor: siemens | model: simatic wincc telecontrol | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: active iq unified manager | scope: eq | version: -

Trust: 1.0

vendor: sonicwall | model: sonicos | scope: eq | version: 7.0.1.0

Trust: 1.0

vendor: oracle | model: jd edwards enterpriseone tools | scope: lt | version: 9.2.6.0

Trust: 1.0

vendor: netapp | model: oncommand insight | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: simatic pcs neo | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: scalance s623 | scope: gte | version: 4.1

Trust: 1.0

vendor: siemens | model: scalance lpe9403 | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: simatic s7-1200 cpu 1214 fc | scope: eq | version: *

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.13.0

Trust: 1.0

vendor:tenablemodel:log correlation enginescope:ltversion:6.0.9

Trust: 1.0

vendor:siemensmodel:scalance m-800scope:gteversion:6.2

Trust: 1.0

vendor:siemensmodel:simatic rf186cscope:eqversion:*

Trust: 1.0

vendor:mcafeemodel:web gateway cloud servicescope:eqversion:8.2.19

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:9.2.10

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:14.16.1

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panelsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:scalance s612scope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:eqversion:*

Trust: 1.0

vendor:netappmodel:santricity smi-s providerscope:eqversion: -

Trust: 1.0

vendor:checkpointmodel:quantum security managementscope:eqversion:r81

Trust: 1.0

vendor:siemensmodel:scalance xr528-6mscope:ltversion:6.4

Trust: 1.0

vendor:siemensmodel:tia administratorscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinec nmsscope:eqversion:1.0

Trust: 1.0

vendor:siemensmodel:simatic logonscope:eqversion:1.5

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:12.2

Trust: 1.0

vendor:siemensmodel:sinumerik opc ua serverscope:eqversion:*

Trust: 1.0

vendor:oraclemodel:mysql serverscope:lteversion:8.0.23

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:scalance xb-200scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:scalance s602scope:gteversion:4.1

Trust: 1.0

vendor:siemensmodel:ruggedcom rcm1224scope:gteversion:6.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:12.13.0

Trust: 1.0

vendor:siemensmodel:simatic cp 1242-7 gprs v2scope:gteversion:3.1

Trust: 1.0

vendor:mcafeemodel:web gatewayscope:eqversion:8.2.19

Trust: 1.0

vendor:checkpointmodel:quantum security gatewayscope:eqversion:r80.40

Trust: 1.0

vendor:siemensmodel:simatic net cp 1545-1scope:gteversion:1.0

Trust: 1.0

vendor:siemensmodel:simatic cloud connect 7scope:gteversion:1.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:15.0.0

Trust: 1.0

vendor:siemensmodel:simatic net cp 1243-8 ircscope:gteversion:3.1

Trust: 1.0

vendor:siemensmodel:scalance w1700scope:gteversion:2.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:14.15.0

Trust: 1.0

vendor:siemensmodel:simatic net cp 1543-1scope:gteversion:2.2

Trust: 1.0

sources: NVD: CVE-2021-3449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3449
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-1458
value: MEDIUM

Trust: 0.6

VULHUB: VHN-388130
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-3449
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-388130
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-3449
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-388130 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

sources: VULHUB: VHN-388130 // NVD: CVE-2021-3449

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 162041 // PACKETSTORM: 163815 // CNNVD: CNNVD-202103-1458

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

PATCH

title:OpenSSL Fixes for code issue vulnerabilities
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146029

Trust: 0.6

sources: CNNVD: CNNVD-202103-1458

EXTERNAL IDS

db:NVDid:CVE-2021-3449

Trust: 2.6

db:TENABLEid:TNS-2021-06

Trust: 1.7

db:TENABLEid:TNS-2021-09

Trust: 1.7

db:TENABLEid:TNS-2021-05

Trust: 1.7

db:TENABLEid:TNS-2021-10

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/28/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/27/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/28/4

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/03/27/1

Trust: 1.7

db:SIEMENSid:SSA-772220

Trust: 1.7

db:SIEMENSid:SSA-389290

Trust: 1.7

db:PULSESECUREid:SA44845

Trust: 1.7

db:MCAFEEid:SB10356

Trust: 1.7

db:PACKETSTORMid:162041

Trust: 0.8

db:PACKETSTORMid:162151

Trust: 0.8

db:PACKETSTORMid:162307

Trust: 0.8

db:PACKETSTORMid:162114

Trust: 0.7

db:PACKETSTORMid:162076

Trust: 0.7

db:PACKETSTORMid:163257

Trust: 0.7

db:PACKETSTORMid:162350

Trust: 0.7

db:PACKETSTORMid:162013

Trust: 0.7

db:PACKETSTORMid:162383

Trust: 0.7

db:PACKETSTORMid:162699

Trust: 0.7

db:PACKETSTORMid:162337

Trust: 0.7

db:PACKETSTORMid:162196

Trust: 0.7

db:PACKETSTORMid:162172

Trust: 0.7

db:PACKETSTORMid:163815

Trust: 0.7

db:AUSCERTid:ESB-2021.1406

Trust: 0.6

db:AUSCERTid:ESB-2021.2160

Trust: 0.6

db:AUSCERTid:ESB-2021.2751

Trust: 0.6

db:AUSCERTid:ESB-2021.2259.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.1618

Trust: 0.6

db:AUSCERTid:ESB-2021.1180

Trust: 0.6

db:AUSCERTid:ESB-2021.1378

Trust: 0.6

db:AUSCERTid:ESB-2021.1120

Trust: 0.6

db:AUSCERTid:ESB-2021.4083

Trust: 0.6

db:AUSCERTid:ESB-2021.2934

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2021.1445

Trust: 0.6

db:AUSCERTid:ESB-2021.4104

Trust: 0.6

db:AUSCERTid:ESB-2021.1916

Trust: 0.6

db:AUSCERTid:ESB-2021.1127

Trust: 0.6

db:AUSCERTid:ESB-2021.2408

Trust: 0.6

db:AUSCERTid:ESB-2022.1714

Trust: 0.6

db:AUSCERTid:ESB-2021.1293

Trust: 0.6

db:AUSCERTid:ESB-2021.1727

Trust: 0.6

db:AUSCERTid:ESB-2021.1225

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.1082.2

Trust: 0.6

db:AUSCERTid:ESB-2021.1075

Trust: 0.6

db:AUSCERTid:ESB-2021.1757

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:CS-HELPid:SB2021051226

Trust: 0.6

db:CS-HELPid:SB2021050609

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:CS-HELPid:SB2021042826

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021101260

Trust: 0.6

db:CS-HELPid:SB2021071904

Trust: 0.6

db:CS-HELPid:SB2022060315

Trust: 0.6

db:CS-HELPid:SB2021060504

Trust: 0.6

db:CS-HELPid:SB2021120313

Trust: 0.6

db:CS-HELPid:SB2021042502

Trust: 0.6

db:CS-HELPid:SB2021052216

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2022011038

Trust: 0.6

db:ICS CERTid:ICSA-21-336-06

Trust: 0.6

db:LENOVOid:LEN-60182

Trust: 0.6

db:CNNVDid:CNNVD-202103-1458

Trust: 0.6

db:PACKETSTORMid:162197

Trust: 0.1

db:PACKETSTORMid:162183

Trust: 0.1

db:PACKETSTORMid:162189

Trust: 0.1

db:PACKETSTORMid:161984

Trust: 0.1

db:PACKETSTORMid:162201

Trust: 0.1

db:PACKETSTORMid:162200

Trust: 0.1

db:SEEBUGid:SSVID-99170

Trust: 0.1

db:VULHUBid:VHN-388130

Trust: 0.1

db:PACKETSTORMid:163747

Trust: 0.1

db:PACKETSTORMid:169659

Trust: 0.1

db:PACKETSTORMid:162694

Trust: 0.1

db:PACKETSTORMid:163267

Trust: 0.1

db:PACKETSTORMid:164192

Trust: 0.1

sources: VULHUB: VHN-388130 // PACKETSTORM: 163747 // PACKETSTORM: 169659 // PACKETSTORM: 162694 // PACKETSTORM: 163267 // PACKETSTORM: 162151 // PACKETSTORM: 162307 // PACKETSTORM: 162041 // PACKETSTORM: 163815 // PACKETSTORM: 164192 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.openssl.org/news/secadv/20210325.txt

Trust: 1.8

url:https://security.gentoo.org/glsa/202103-03

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845

Trust: 1.7

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210326-0006/

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-05

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-06

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.7

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4875

Trust: 1.7

url:https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/27/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/27/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/28/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/28/4

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10356

Trust: 1.6

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=1939664

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052216

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1127

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1445

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1727

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1406

Trust: 0.6

url:https://packetstormsecurity.com/files/162172/red-hat-security-advisory-2021-1189-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2934

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1378

Trust: 0.6

url:https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-3449

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1293

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021120313

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-used-by-ibm-b-type-san-directors-and-switches-5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4083

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520674

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1618

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6491127

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060504

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/

Trust: 0.6

url:https://packetstormsecurity.com/files/162307/red-hat-security-advisory-2021-1338-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162699/red-hat-security-advisory-2021-2041-01.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042502

Trust: 0.6

url:https://packetstormsecurity.com/files/162013/red-hat-security-advisory-2021-1024-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2751

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6523070

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1714

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-z-tpf-is-affected-by-an-openssl-vulnerability-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1180

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2259.2

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/

Trust: 0.6

url:https://packetstormsecurity.com/files/163257/red-hat-security-advisory-2021-2130-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-60182

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051226

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1225

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042826

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071904

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4104

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1075

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1082.2

Trust: 0.6

url:https://packetstormsecurity.com/files/162114/red-hat-security-advisory-2021-1131-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163815/ubuntu-security-notice-usn-5038-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-potential-dos-in-ibm-datapower-gateway/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050609

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2160

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1916

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101260

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://packetstormsecurity.com/files/162196/red-hat-security-advisory-2021-1199-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2408

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1757

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1120

Trust: 0.6

url:https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-power-hardware-management-console-cve-2021-3449/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011038

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/

Trust: 0.6

url:https://packetstormsecurity.com/files/162076/red-hat-security-advisory-2021-1063-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/

Trust: 0.6

url:https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2021-3449/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21321

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3115

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3114

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29418

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3377

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29477

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23839

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.1

url:https://www.openssl.org/support/contracts.html

Trust: 0.1

url:https://www.openssl.org/policies/secpolicy.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13632

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9327

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2021

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6405

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.1

url:https://issues.jboss.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29529

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29529

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23337

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21322

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28374

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3115

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1338

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5038-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3677

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-10/10.18-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-12/12.8-0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/postgresql-13/13.4-0ubuntu0.21.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33195

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33197

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3556

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3703

Trust: 0.1

sources: VULHUB: VHN-388130 // PACKETSTORM: 163747 // PACKETSTORM: 169659 // PACKETSTORM: 162694 // PACKETSTORM: 163267 // PACKETSTORM: 162151 // PACKETSTORM: 162307 // PACKETSTORM: 162041 // PACKETSTORM: 163815 // PACKETSTORM: 164192 // CNNVD: CNNVD-202103-1458 // NVD: CVE-2021-3449

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 163747 // PACKETSTORM: 162694 // PACKETSTORM: 163267 // PACKETSTORM: 162151 // PACKETSTORM: 162307 // PACKETSTORM: 164192 // CNNVD: CNNVD-202103-1458

SOURCES

db:VULHUB id:VHN-388130
db:PACKETSTORM id:163747
db:PACKETSTORM id:169659
db:PACKETSTORM id:162694
db:PACKETSTORM id:163267
db:PACKETSTORM id:162151
db:PACKETSTORM id:162307
db:PACKETSTORM id:162041
db:PACKETSTORM id:163815
db:PACKETSTORM id:164192
db:CNNVD id:CNNVD-202103-1458
db:NVD id:CVE-2021-3449

LAST UPDATE DATE

2025-05-17T19:41:17.648000+00:00


SOURCES UPDATE DATE

db:VULHUB id:VHN-388130 date:2022-08-29T00:00:00
db:CNNVD id:CNNVD-202103-1458 date:2022-07-26T00:00:00
db:NVD id:CVE-2021-3449 date:2024-11-21T06:21:33.050

SOURCES RELEASE DATE

db:VULHUB id:VHN-388130 date:2021-03-25T00:00:00
db:PACKETSTORM id:163747 date:2021-08-06T14:02:37
db:PACKETSTORM id:169659 date:2021-03-25T12:12:12
db:PACKETSTORM id:162694 date:2021-05-19T14:19:18
db:PACKETSTORM id:163267 date:2021-06-23T16:08:25
db:PACKETSTORM id:162151 date:2021-04-13T15:38:30
db:PACKETSTORM id:162307 date:2021-04-23T15:10:34
db:PACKETSTORM id:162041 date:2021-03-31T14:36:01
db:PACKETSTORM id:163815 date:2021-08-13T14:20:11
db:PACKETSTORM id:164192 date:2021-09-17T16:04:56
db:CNNVD id:CNNVD-202103-1458 date:2021-03-25T00:00:00
db:NVD id:CVE-2021-3449 date:2021-03-25T15:15:13.450