ID

VAR-202112-2540


CVE

CVE-2021-4192


TITLE

Vim Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202112-2823

DESCRIPTION

vim is vulnerable to Use After Free. (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update Advisory ID: RHSA-2022:0445-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0445 Issue date: 2022-02-07 CVE Names: CVE-2021-3521 CVE-2021-3872 CVE-2021-3984 CVE-2021-4019 CVE-2021-4104 CVE-2021-4122 CVE-2021-4192 CVE-2021-4193 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 ===================================================================== 1. Summary: A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJ9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security Fix(es): * log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305) * log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104) * log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To update to the latest Red Hat Single Sign-On 7.4.10 for OpenShift image, Follow these steps to pull in the content: 1. On your master hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global "openshift" project. For example: $ oc login -u system:admin 2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the "openshift" project by running the following commands: $ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-mysql.json \ sso74-mysql-persistent.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-mysql-persistent.json \ sso74-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.GA/templates/${resource} done 3. Install the Red Hat Single Sign-On 7.4.10 for OpenShift streams in the "openshift" project by running the following commands: $ oc -n openshift import-image redhat-sso74-openshift:1.0 4. Bugs fixed (https://bugzilla.redhat.com/): 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer 5. JIRA issues fixed (https://issues.jboss.org/): CIAM-2059 - [log4j 1.x] test OCP image for ibm p/z 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-4 Security Update 2022-005 Catalina Security Update 2022-005 Catalina addresses the following issues. APFS Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32853: Ye Zhang(@co0py_Cat) of Baidu Security CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Calendar Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security Calendar Available for: macOS Catalina Impact: An app may be able to access user-sensitive data Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones CoreText Available for: macOS Catalina Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) FaceTime Available for: macOS Catalina Impact: An app with root privileges may be able to access private information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing File System Events Available for: macOS Catalina Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant ICU Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Catalina Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Intel Graphics Driver Available for: macOS Catalina Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Kernel Available for: macOS Catalina Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32815: Xinru Chi of Pangu Lab CVE-2022-32813: Xinru Chi of Pangu Lab libxml2 Available for: macOS Catalina Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Catalina Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Catalina Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Catalina Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Catalina Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Catalina Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Catalina Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Catalina Impact: An app may be able to gain elevated privileges Description: A validation issue in the handling of symlinks was addressed with improved validation of symlinks. CVE-2022-26704: Joshua Mason of Mandiant TCC Available for: macOS Catalina Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Vim Available for: macOS Catalina Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 Wi-Fi Available for: macOS Catalina Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Security Update 2022-005 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYeuQACgkQeC9qKD1p rhiuNw//V3lvbuk3ZcN4l2+dumbidEYnYD+qrrm+V332BNA9zqn9Uyoy1l9mXY32 qA/UfHpnuZj5F2qjBNinkpV9VlwMZUIZmWfLBrVz3+cF1wrF6RZVFmz05sVsWTCC zB7H9eCPQr/afrTgjf2evIsaCZaqveOP7ZVFV3dOEOpzp/hMUYFWF69mEbYfl2Z1 PlB3bkZPys4fZ3nCq70egWotGl7V4M/9aqGBDQZzAwmcsepeppBaCP1MnDiDiWqA 6m2jVNDDTP/CasfPt1k3jR3aKf7f+ySZozQLyUyMhRpTLnZ1fpEtD5jjwK/hprKW g00gdTOBl7aGAxbKL3xlsxXRGzhzy9n2RVN4duhRKEbDKDShCfRFmCxXGxAGJB7J 96TqA/wy1s7gnlxNzUfJewJMopr3AU4ffhdyOgKV1Is7eRwAhKYlh3K5T6C28Uuj 8TXAqY2qwMqs+jIqe3dGEuPBj83tQMD0xukIhzGtuxwoziiPyzSfrgUHvSK8vBYN NGGfLdHn8ailAYpnFeRxhImxclr59QddI8uzS/G6O9CLJY0jUh3tjCNC3fjIjS6F lD3+P/J/Hf5HFvpvNyw6aJVVYIcGFOQi+RmhVGysMHuGIz4aqc9rTdvbAKdeKpyK 8p0C6S1/sV+pu7morGBm9aSm/rRyDZSVWSA2l/3fRA9mJmrL8Ao= =fcrb -----END PGP SIGNATURE----- . Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Security Fix(es): * vim: heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872) * vim: illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * vim: heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * vim: use-after-free in win_linetabsize() (CVE-2021-4192) * vim: out-of-bound read in getvcol() (CVE-2021-4193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * Nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) Bug fixes: * Inform ACM policy is not checking properly the node fields (BZ# 2015588) * ImagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image (BZ# 2021128) * Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576) * RHACM 2.3.6 images (BZ# 2029507) * Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002) * Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351) * Clustersets do not appear in UI (BZ# 2049810) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2015588 - Inform ACM policy is not checking properly the node fields 2021128 - imagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image 2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2029507 - RHACM 2.3.6 images 2030002 - Console UI enabled SNO UI Options not displayed during cluster creating 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2037351 - grc pod restarts for each new GET request to the Governance Policy Page 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2049810 - Clustersets do not appear in UI 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 2052539 - CVE-2022-0552 origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2182 - Logging link is not removed when CLO is uninstalled or its instance is removed 6. ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Vim. Software Description: - vim: Vi IMproved - enhanced vi editor Details: It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192) It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351) It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359) It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554) It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572) It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629) It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685) It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714) It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729) It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7 Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14 Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13 Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6026-1 CVE-2021-4166, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-2207 Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13

Trust: 1.62

sources: NVD: CVE-2021-4192 // VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // PACKETSTORM: 165902 // PACKETSTORM: 167789 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 171934

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:vimmodel:vimscope:ltversion:8.2.3949

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

sources: NVD: CVE-2021-4192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-4192
value: HIGH

Trust: 1.0

security@huntr.dev: CVE-2021-4192
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202112-2823
value: HIGH

Trust: 0.6

VULHUB: VHN-410613
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-4192
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-4192
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-410613
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-4192
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2021-4192
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // CNNVD: CNNVD-202112-2823 // NVD: CVE-2021-4192 // NVD: CVE-2021-4192

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

sources: VULHUB: VHN-410613 // NVD: CVE-2021-4192

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2823

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202112-2823

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-410613

PATCH

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220366 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220476 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2021-4192url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-4192

Trust: 0.1

title:Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220721 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-4192

Trust: 0.1

title:Ubuntu Security Notice: USN-5433-1: Vim vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5433-1

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220595 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220445 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220444 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220735 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2 director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220842 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1557url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1557

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220856 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1743url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1743

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-014url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-014

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2021-4192

EXTERNAL IDS

db:NVDid:CVE-2021-4192

Trust: 2.4

db:OPENWALLid:OSS-SECURITY/2022/01/15/1

Trust: 1.8

db:PACKETSTORMid:165813

Trust: 0.8

db:PACKETSTORMid:166179

Trust: 0.8

db:PACKETSTORMid:166204

Trust: 0.8

db:PACKETSTORMid:167789

Trust: 0.8

db:PACKETSTORMid:165930

Trust: 0.7

db:PACKETSTORMid:167188

Trust: 0.7

db:PACKETSTORMid:167242

Trust: 0.7

db:PACKETSTORMid:166319

Trust: 0.7

db:AUSCERTid:ESB-2022.3561

Trust: 0.6

db:AUSCERTid:ESB-2022.3002

Trust: 0.6

db:AUSCERTid:ESB-2022.0903

Trust: 0.6

db:AUSCERTid:ESB-2022.1071

Trust: 0.6

db:AUSCERTid:ESB-2022.0870

Trust: 0.6

db:AUSCERTid:ESB-2022.2516

Trust: 0.6

db:AUSCERTid:ESB-2023.0019

Trust: 0.6

db:AUSCERTid:ESB-2022.1056

Trust: 0.6

db:AUSCERTid:ESB-2022.2412

Trust: 0.6

db:CS-HELPid:SB2022052327

Trust: 0.6

db:CS-HELPid:SB2022072103

Trust: 0.6

db:CS-HELPid:SB2022051702

Trust: 0.6

db:CS-HELPid:SB2022031433

Trust: 0.6

db:CS-HELPid:SB2022062022

Trust: 0.6

db:CS-HELPid:SB2022022221

Trust: 0.6

db:CNNVDid:CNNVD-202112-2823

Trust: 0.6

db:PACKETSTORMid:165902

Trust: 0.2

db:PACKETSTORMid:166199

Trust: 0.1

db:PACKETSTORMid:165917

Trust: 0.1

db:VULHUBid:VHN-410613

Trust: 0.1

db:VULMONid:CVE-2021-4192

Trust: 0.1

db:PACKETSTORMid:171934

Trust: 0.1

sources: VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // PACKETSTORM: 165902 // PACKETSTORM: 167789 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 171934 // CNNVD: CNNVD-202112-2823 // NVD: CVE-2021-4192

REFERENCES

url:https://support.apple.com/kb/ht213183

Trust: 1.8

url:https://support.apple.com/kb/ht213256

Trust: 1.8

url:https://support.apple.com/kb/ht213343

Trust: 1.8

url:https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/mar/29

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/jul/14

Trust: 1.8

url:https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2022/01/15/1

Trust: 1.8

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-4192

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1056

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1071

Trust: 0.6

url:https://packetstormsecurity.com/files/166179/red-hat-security-advisory-2022-0721-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213183

Trust: 0.6

url:https://packetstormsecurity.com/files/167242/ubuntu-security-notice-usn-5433-1.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213343

Trust: 0.6

url:https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3561

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3002

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031433

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2412

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072103

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051702

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022221

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0870

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2516

Trust: 0.6

url:https://vigilance.fr/vulnerability/vim-reuse-after-free-via-regexp-percent-v-37346

Trust: 0.6

url:https://packetstormsecurity.com/files/165930/red-hat-security-advisory-2022-0476-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165813/red-hat-security-advisory-2022-0366-06.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213256

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0019

Trust: 0.6

url:https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062022

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0903

Trust: 0.6

url:https://packetstormsecurity.com/files/166204/red-hat-security-advisory-2022-0595-02.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022052327

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3984

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3872

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4193

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3872

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-4019

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4019

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4192

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3984

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3521

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-4122

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:0366

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4166

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5433-1

Trust: 0.1

url:https://security.archlinux.org/cve-2021-4192

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23302

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21340

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21282

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4104

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21248

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21248

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4104

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21360

Trust: 0.1

url:https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.10.ga/templates/${resource}

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21296

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23302

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21282

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21296

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23307

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0128

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4187

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32785

Trust: 0.1

url:https://support.apple.com/ht213343.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32787

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0595

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36322

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0552

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0552

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0554

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0319

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0572

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0629

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6026-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0408

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0213

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7

Trust: 0.1

sources: VULHUB: VHN-410613 // VULMON: CVE-2021-4192 // PACKETSTORM: 165902 // PACKETSTORM: 167789 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179 // PACKETSTORM: 171934 // CNNVD: CNNVD-202112-2823 // NVD: CVE-2021-4192

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 165902 // PACKETSTORM: 165813 // PACKETSTORM: 166204 // PACKETSTORM: 166179

SOURCES

db:VULHUBid:VHN-410613
db:VULMONid:CVE-2021-4192
db:PACKETSTORMid:165902
db:PACKETSTORMid:167789
db:PACKETSTORMid:165813
db:PACKETSTORMid:166204
db:PACKETSTORMid:166179
db:PACKETSTORMid:171934
db:CNNVDid:CNNVD-202112-2823
db:NVDid:CVE-2021-4192

LAST UPDATE DATE

2026-07-11T23:02:04.715000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-410613date:2022-11-09T00:00:00
db:VULMONid:CVE-2021-4192date:2022-07-22T00:00:00
db:CNNVDid:CNNVD-202112-2823date:2023-01-03T00:00:00
db:NVDid:CVE-2021-4192date:2026-06-17T04:19:11.530

SOURCES RELEASE DATE

db:VULHUBid:VHN-410613date:2021-12-31T00:00:00
db:VULMONid:CVE-2021-4192date:2021-12-31T00:00:00
db:PACKETSTORMid:165902date:2022-02-09T16:02:16
db:PACKETSTORMid:167789date:2022-07-22T16:23:52
db:PACKETSTORMid:165813date:2022-02-02T16:48:00
db:PACKETSTORMid:166204date:2022-03-04T16:17:56
db:PACKETSTORMid:166179date:2022-03-02T16:50:31
db:PACKETSTORMid:171934date:2023-04-19T13:03:56
db:CNNVDid:CNNVD-202112-2823date:2021-12-31T00:00:00
db:NVDid:CVE-2021-4192date:2021-12-31T15:15:08.560