Details of VAR-202112-1608

ID

VAR-202112-1608

CVE

CVE-2021-44790

TITLE

Apache HTTP Server of mod_lua Buffer overflow vulnerability in multipart parser

Trust: 0.8

sources: JVNDB: JVNDB-2021-016455

DESCRIPTION

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina Security Update 2022-004 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213255. apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs -----END PGP SIGNATURE----- . Summary: An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 3. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.7): Source: httpd-2.4.6-90.el7_7.3.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.3.noarch.rpm x86_64: httpd-2.4.6-90.el7_7.3.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm mod_session-2.4.6-90.el7_7.3.x86_64.rpm mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.7): Source: httpd-2.4.6-90.el7_7.3.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.3.noarch.rpm ppc64le: httpd-2.4.6-90.el7_7.3.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.3.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.3.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.3.ppc64le.rpm mod_session-2.4.6-90.el7_7.3.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.3.ppc64le.rpm x86_64: httpd-2.4.6-90.el7_7.3.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm mod_session-2.4.6-90.el7_7.3.x86_64.rpm mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.7): Source: httpd-2.4.6-90.el7_7.3.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.3.noarch.rpm x86_64: httpd-2.4.6-90.el7_7.3.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm httpd-devel-2.4.6-90.el7_7.3.x86_64.rpm httpd-tools-2.4.6-90.el7_7.3.x86_64.rpm mod_session-2.4.6-90.el7_7.3.x86_64.rpm mod_ssl-2.4.6-90.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.7): x86_64: httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.7): ppc64le: httpd-debuginfo-2.4.6-90.el7_7.3.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.3.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.3.ppc64le.rpm x86_64: httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.7): x86_64: httpd-debuginfo-2.4.6-90.el7_7.3.x86_64.rpm mod_ldap-2.4.6-90.el7_7.3.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 7.4) - x86_64 3. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u7. For the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2. We recommend that you upgrade your apache2 packages. Description: OpenShift GitOps v1.3.4 on OCP 4.7-4.9 Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. ========================================================================== Ubuntu Security Notice USN-5212-2 January 10, 2022 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44790) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm4 apache2-bin 2.4.18-2ubuntu3.17+esm4 Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm3 apache2-bin 2.4.7-1ubuntu4.22+esm3 In general, a standard system update will make all the necessary changes

Trust: 2.88

sources: NVD: CVE-2021-44790 // JVNDB: JVNDB-2021-016455 // CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // PACKETSTORM: 167189 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 169211 // PACKETSTORM: 166154 // PACKETSTORM: 165501

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-102386

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	lt	version:	5.20.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	9.0	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	5.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	apache	model:	http server	scope:	lt	version:	2.4.52	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	9.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	9.0	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	gte	version:	5.16.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications session report manager	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications operations monitor	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications session element manager	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	tenable	model:	tenable.sc	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	lte	version:	<=2.4.51	Trust: 0.6

sources: CNVD: CNVD-2021-102386 // JVNDB: JVNDB-2021-016455 // NVD: CVE-2021-44790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-44790
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-44790
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-102386
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-1579
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-408105
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-44790
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-44790
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-102386
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-408105
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-44790
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-44790
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // CNNVD: CNNVD-202112-1579 // JVNDB: JVNDB-2021-016455 // NVD: CVE-2021-44790

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-408105 // JVNDB: JVNDB-2021-016455 // NVD: CVE-2021-44790

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 165501 // CNNVD: CNNVD-202112-1579

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202112-1579

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-408105

PATCH

title:	hitachi-sec-2023-217	url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2021-102386)	url:	https://www.cnvd.org.cn/patchInfo/show/310311	Trust: 0.6
title:	Apache HTTP Server Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=175754	Trust: 0.6
title:	Red Hat: Important: httpd:2.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220288 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd24-httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220303 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221137 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220682 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221136 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221138 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: httpd security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221139 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5035-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=eed1e8ea40feda10ee18daa68a3c5b5a	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1560	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1560	Trust: 0.1
title:	Red Hat: CVE-2021-44790	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-44790	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1737	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1737	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-018	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-018	Trust: 0.1
title:	Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202201.1	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-03	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-01	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220580 - Security Advisory	Trust: 0.1
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1
title:	-CVE-2021-44790	url:	https://github.com/nuPacaChi/-CVE-2021-44790	Trust: 0.1
title:	SnykDesk	url:	https://github.com/cretlaw/SnykDesk	Trust: 0.1
title:	emo_emo	url:	https://github.com/emotest1/emo_emo	Trust: 0.1
title:	PROJET TUTEURE	url:	https://github.com/PierreChrd/py-projet-tut	Trust: 0.1
title:	Tier 0 Tier 1 Tier 2	url:	https://github.com/Totes5706/TotesHTB	Trust: 0.1
title:	Requirements vulnsearch-cve Usage vulnsearch Usage Test Sample	url:	https://github.com/kasem545/vulnsearch	Trust: 0.1
title:	Skynet	url:	https://github.com/bioly230/THM_Skynet	Trust: 0.1
title:	Shodan Search Script	url:	https://github.com/firatesatoglu/shodanSearch	Trust: 0.1

sources: CNVD: CNVD-2021-102386 // VULMON: CVE-2021-44790 // CNNVD: CNNVD-202112-1579 // JVNDB: JVNDB-2021-016455

EXTERNAL IDS

db:	NVD	id:	CVE-2021-44790	Trust: 4.6
db:	TENABLE	id:	TNS-2022-01	Trust: 1.8
db:	TENABLE	id:	TNS-2022-03	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2021/12/20/4	Trust: 1.8
db:	PACKETSTORM	id:	171631	Trust: 1.7
db:	PACKETSTORM	id:	167189	Trust: 0.8
db:	PACKETSTORM	id:	166154	Trust: 0.8
db:	PACKETSTORM	id:	165501	Trust: 0.8
db:	JVN	id:	JVNVU97805418	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-016455	Trust: 0.8
db:	CNVD	id:	CNVD-2021-102386	Trust: 0.7
db:	PACKETSTORM	id:	165587	Trust: 0.7
db:	PACKETSTORM	id:	165747	Trust: 0.7
db:	PACKETSTORM	id:	168072	Trust: 0.7
db:	PACKETSTORM	id:	165467	Trust: 0.7
db:	PACKETSTORM	id:	165710	Trust: 0.7
db:	ICS CERT	id:	ICSA-22-132-02	Trust: 0.7
db:	PACKETSTORM	id:	166583	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0135	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0716	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0836	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0039	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0217	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0686	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2352	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0064	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2411	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0850	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0354	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0171	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0396	Trust: 0.6
db:	CS-HELP	id:	SB2022051316	Trust: 0.6
db:	CS-HELP	id:	SB2022042265	Trust: 0.6
db:	CS-HELP	id:	SB2022030119	Trust: 0.6
db:	CS-HELP	id:	SB2022051703	Trust: 0.6
db:	CS-HELP	id:	SB2021122021	Trust: 0.6
db:	CS-HELP	id:	SB2022060706	Trust: 0.6
db:	CS-HELP	id:	SB2022012517	Trust: 0.6
db:	CS-HELP	id:	SB2022010513	Trust: 0.6
db:	CS-HELP	id:	SB2022012334	Trust: 0.6
db:	CS-HELP	id:	SB2022010609	Trust: 0.6
db:	CS-HELP	id:	SB2022011749	Trust: 0.6
db:	CS-HELP	id:	SB2022021427	Trust: 0.6
db:	CS-HELP	id:	SB2022012003	Trust: 0.6
db:	CS-HELP	id:	SB2022060811	Trust: 0.6
db:	CS-HELP	id:	SB2022012639	Trust: 0.6
db:	EXPLOIT-DB	id:	51193	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-1579	Trust: 0.6
db:	PACKETSTORM	id:	165745	Trust: 0.1
db:	PACKETSTORM	id:	167186	Trust: 0.1
db:	PACKETSTORM	id:	167188	Trust: 0.1
db:	VULHUB	id:	VHN-408105	Trust: 0.1
db:	VULMON	id:	CVE-2021-44790	Trust: 0.1
db:	PACKETSTORM	id:	166579	Trust: 0.1
db:	PACKETSTORM	id:	169211	Trust: 0.1

sources: CNVD: CNVD-2021-102386 // VULHUB: VHN-408105 // VULMON: CVE-2021-44790 // PACKETSTORM: 167189 // PACKETSTORM: 166583 // PACKETSTORM: 166579 // PACKETSTORM: 169211 // PACKETSTORM: 166154 // PACKETSTORM: 165501 // CNNVD: CNNVD-202112-1579 // JVNDB: JVNDB-2021-016455 // NVD: CVE-2021-44790

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 2.6
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://www.debian.org/security/2022/dsa-5035	Trust: 1.9
url:	https://support.apple.com/kb/ht213255	Trust: 1.8
url:	https://support.apple.com/kb/ht213256	Trust: 1.8
url:	https://support.apple.com/kb/ht213257	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20211224-0001/	Trust: 1.8
url:	https://www.tenable.com/security/tns-2022-01	Trust: 1.8
url:	https://www.tenable.com/security/tns-2022-03	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/38	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/35	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/may/33	Trust: 1.8
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2021/12/20/4	Trust: 1.8
url:	http://packetstormsecurity.com/files/171631/apache-2.4.x-buffer-overflow.html	Trust: 1.7
url:	http://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.2
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu97805418/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/	Trust: 0.7
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0686	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051316	Trust: 0.6
url:	https://packetstormsecurity.com/files/166583/red-hat-security-advisory-2022-1137-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010609	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030119	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042265	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0064	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021427	Trust: 0.6
url:	https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060706	Trust: 0.6
url:	https://packetstormsecurity.com/files/165710/red-hat-security-advisory-2022-0258-02.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/165501/ubuntu-security-notice-usn-5212-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012517	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012639	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0716	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0836	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2352	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022010513	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0217	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2411	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0039	Trust: 0.6
url:	https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012334	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0135	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0850	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0354	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051703	Trust: 0.6
url:	https://packetstormsecurity.com/files/165747/red-hat-security-advisory-2022-0303-02.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0396	Trust: 0.6
url:	https://www.exploit-db.com/exploits/51193	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0171	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060811	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-http-server-buffer-overflow-via-mod-lua-multipart-content-37112	Trust: 0.6
url:	https://packetstormsecurity.com/files/166154/red-hat-security-advisory-2022-0682-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/165467/ubuntu-security-notice-usn-5212-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122021	Trust: 0.6
url:	https://support.apple.com/en-us/ht213256	Trust: 0.6
url:	https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012003	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-22720	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0288	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nupacachi/-cve-2021-44790	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://support.apple.com/ht213255.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22663	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22674	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0530	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26720	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26746	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1137	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1138	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache2	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24348	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0682	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24348	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5212-1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5212-2	Trust: 0.1

CREDITS

Mitsubishi Electric notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202112-1579

SOURCES

db:	CNVD	id:	CNVD-2021-102386
db:	VULHUB	id:	VHN-408105
db:	VULMON	id:	CVE-2021-44790
db:	PACKETSTORM	id:	167189
db:	PACKETSTORM	id:	166583
db:	PACKETSTORM	id:	166579
db:	PACKETSTORM	id:	169211
db:	PACKETSTORM	id:	166154
db:	PACKETSTORM	id:	165501
db:	CNNVD	id:	CNNVD-202112-1579
db:	JVNDB	id:	JVNDB-2021-016455
db:	NVD	id:	CVE-2021-44790

LAST UPDATE DATE

2025-12-22T21:50:16.169000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-102386	date:	2021-12-27T00:00:00
db:	VULHUB	id:	VHN-408105	date:	2022-11-02T00:00:00
db:	VULMON	id:	CVE-2021-44790	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202112-1579	date:	2023-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-016455	date:	2023-12-12T07:43:00
db:	NVD	id:	CVE-2021-44790	date:	2025-05-01T15:38:06.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-102386	date:	2021-12-24T00:00:00
db:	VULHUB	id:	VHN-408105	date:	2021-12-20T00:00:00
db:	VULMON	id:	CVE-2021-44790	date:	2021-12-20T00:00:00
db:	PACKETSTORM	id:	167189	date:	2022-05-17T16:59:55
db:	PACKETSTORM	id:	166583	date:	2022-04-04T14:36:52
db:	PACKETSTORM	id:	166579	date:	2022-04-04T14:33:43
db:	PACKETSTORM	id:	169211	date:	2022-01-28T20:12:00
db:	PACKETSTORM	id:	166154	date:	2022-02-28T16:18:23
db:	PACKETSTORM	id:	165501	date:	2022-01-10T17:59:29
db:	CNNVD	id:	CNNVD-202112-1579	date:	2021-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-016455	date:	2022-12-15T00:00:00
db:	NVD	id:	CVE-2021-44790	date:	2021-12-20T12:15:07.440