var-202109-1966
Vulnerability from variot
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: python3.5 For Ubuntu 16.04 ESM. In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619) The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. (CVE-2021-3737) ftplib should not use the host from the PASV response (CVE-2021-4189) A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like r and n in the URL path. This flaw allows an malicious user to input a crafted URL, leading to injection attacks. (CVE-2022-0391). Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema
- JIRA issues fixed (https://issues.jboss.org/):
THREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan THREESCALE-6879 - [3scale][2.11][HI-prio] Add 'Create new Application' flow to Product > Applications index THREESCALE-7030 - Address scalability in 'Create new Application' form THREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes THREESCALE-7475 - Some api calls result in "Destroying user session" THREESCALE-7488 - Ability to add external Lua dependencies for custom policies THREESCALE-7573 - Enable proxy environment variables via the APICAST CRD THREESCALE-7605 - type change of "policies_config" in /admin/api/services/{service_id}/proxy.json THREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO THREESCALE-7644 - Metrics: Service for 3scale operator is missing THREESCALE-7646 - Cleanup/refactor Products and Backends index logic THREESCALE-7648 - Remove "#context-menu" from the url THREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm THREESCALE-7731 - Reenable operator metrics service for apicast-operator THREESCALE-7761 - 3scale Operator doesn't respect *_proxy env vars THREESCALE-7765 - Remove MessageBus from System THREESCALE-7834 - admin can't create application when developer is not allowed to pick a plan THREESCALE-7863 - Update some Obsolete API's in 3scale_v2.js THREESCALE-7884 - Service top application endpoint is not working properly THREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error THREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector
- Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- ========================================================================== Ubuntu Security Notice USN-5200-1 December 17, 2021
python3.7, python3.8 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash if it receives specially crafted input from a malicious server. (CVE-2020-8492)
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. (CVE-2021-3737)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2 libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2 python3.7 3.7.5-2ubuntu1~18.04.2 python3.7-minimal 3.7.5-2ubuntu1~18.04.2 python3.8 3.8.0-3ubuntu1~18.04.2 python3.8-minimal 3.8.0-3ubuntu1~18.04.2
In general, a standard system update will make all the necessary changes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.4/html/release_notes/
Security fixes:
-
CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method
-
CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack
-
CVE-2021-32627: redis: Integer overflow issue with Streams
-
CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure
-
CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser
-
CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request
-
CVE-2021-32687: redis: Integer overflow issue with intsets
-
CVE-2021-32690: helm: information disclosure vulnerability
-
CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
-
CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
-
CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
-
CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow
-
CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings
-
CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function
-
CVE-2021-41099: redis: Integer overflow issue with strings
Bug fixes:
- RFE ACM Application management UI doesn't reflect object status (Bugzilla
1965321)
-
RHACM 2.4 files (Bugzilla #1983663)
-
Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366)
-
submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla
1994668)
-
ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274)
-
pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915)
-
InfraEnv condition does not reflect the actual error message (Bugzilla
2009204, 2010030)
-
Flaky test point to a nil pointer conditions list (Bugzilla #2010175)
-
InfraEnv status shows 'Failed to create image: internal error (Bugzilla
2010272)
- subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla
2013157)
-
pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084)
-
Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1965321 - RFE ACM Application management UI doesn't reflect object status 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1983663 - RHACM 2.4.0 images 1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite 1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite 1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot 1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb 2003915 - pre-network-manager-config failed due to timeout when static config is used 2009204 - InfraEnv condition does not reflect the actual error message 2010030 - InfraEnv condition does not reflect the actual error message 2010175 - Flaky test point to a nil pointer conditions list 2010272 - InfraEnv status shows 'Failed to create image: internal error 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks 2014084 - pre-network-manager-config failed due to timeout when static config is used
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: python3 security update Advisory ID: RHSA-2021:4057-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4057 Issue date: 2021-11-02 CVE Names: CVE-2021-3733 =====================================================================
- Summary:
An update for python3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: platform-python-debug-3.6.8-39.el8_4.aarch64.rpm platform-python-devel-3.6.8-39.el8_4.aarch64.rpm python3-debuginfo-3.6.8-39.el8_4.aarch64.rpm python3-debugsource-3.6.8-39.el8_4.aarch64.rpm python3-idle-3.6.8-39.el8_4.aarch64.rpm python3-tkinter-3.6.8-39.el8_4.aarch64.rpm
ppc64le: platform-python-debug-3.6.8-39.el8_4.ppc64le.rpm platform-python-devel-3.6.8-39.el8_4.ppc64le.rpm python3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm python3-debugsource-3.6.8-39.el8_4.ppc64le.rpm python3-idle-3.6.8-39.el8_4.ppc64le.rpm python3-tkinter-3.6.8-39.el8_4.ppc64le.rpm
s390x: platform-python-debug-3.6.8-39.el8_4.s390x.rpm platform-python-devel-3.6.8-39.el8_4.s390x.rpm python3-debuginfo-3.6.8-39.el8_4.s390x.rpm python3-debugsource-3.6.8-39.el8_4.s390x.rpm python3-idle-3.6.8-39.el8_4.s390x.rpm python3-tkinter-3.6.8-39.el8_4.s390x.rpm
x86_64: platform-python-3.6.8-39.el8_4.i686.rpm platform-python-debug-3.6.8-39.el8_4.i686.rpm platform-python-debug-3.6.8-39.el8_4.x86_64.rpm platform-python-devel-3.6.8-39.el8_4.i686.rpm platform-python-devel-3.6.8-39.el8_4.x86_64.rpm python3-debuginfo-3.6.8-39.el8_4.i686.rpm python3-debuginfo-3.6.8-39.el8_4.x86_64.rpm python3-debugsource-3.6.8-39.el8_4.i686.rpm python3-debugsource-3.6.8-39.el8_4.x86_64.rpm python3-idle-3.6.8-39.el8_4.i686.rpm python3-idle-3.6.8-39.el8_4.x86_64.rpm python3-test-3.6.8-39.el8_4.i686.rpm python3-tkinter-3.6.8-39.el8_4.i686.rpm python3-tkinter-3.6.8-39.el8_4.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: python3-3.6.8-39.el8_4.src.rpm
aarch64: platform-python-3.6.8-39.el8_4.aarch64.rpm python3-debuginfo-3.6.8-39.el8_4.aarch64.rpm python3-debugsource-3.6.8-39.el8_4.aarch64.rpm python3-libs-3.6.8-39.el8_4.aarch64.rpm python3-test-3.6.8-39.el8_4.aarch64.rpm
ppc64le: platform-python-3.6.8-39.el8_4.ppc64le.rpm python3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm python3-debugsource-3.6.8-39.el8_4.ppc64le.rpm python3-libs-3.6.8-39.el8_4.ppc64le.rpm python3-test-3.6.8-39.el8_4.ppc64le.rpm
s390x: platform-python-3.6.8-39.el8_4.s390x.rpm python3-debuginfo-3.6.8-39.el8_4.s390x.rpm python3-debugsource-3.6.8-39.el8_4.s390x.rpm python3-libs-3.6.8-39.el8_4.s390x.rpm python3-test-3.6.8-39.el8_4.s390x.rpm
x86_64: platform-python-3.6.8-39.el8_4.x86_64.rpm python3-debuginfo-3.6.8-39.el8_4.i686.rpm python3-debuginfo-3.6.8-39.el8_4.x86_64.rpm python3-debugsource-3.6.8-39.el8_4.i686.rpm python3-debugsource-3.6.8-39.el8_4.x86_64.rpm python3-libs-3.6.8-39.el8_4.i686.rpm python3-libs-3.6.8-39.el8_4.x86_64.rpm python3-test-3.6.8-39.el8_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYD6u9zjgjWX9erEAQgCbg//S3byb5BXGosk0v+LDiREjmiOkmk9QpLJ 8SCgT7ap9IRI6rghoGv7bsLpRyydrd8KR0pIDCQOJngEGZfJEUiwk6QhdFs0JHqG aHb1JJCBGTyQ9b0jhrKlJKCvJJk9oscRhkVn2AYm9r4fAnwzSqLaTd+8/PxJrKi+ 7M6I3xh3MYVj5j8Y56GCXYbuAxQqNRPUunzLC8tr79zuVt1iH5qAbff/Dmtkpl4A zDDMp42s7UN1H+Y4pRo9b7MqJLpa1GjuZWsVr53QZu4al7Cbw+iAlz4R2P3pQVKv uHCkl7pWi+v22po5C55+djkPPzzu0NiVJ9CLI/gtI4lx7dJ6uKqNaPvetzuaKaR5 9HEFIRat1V/jD/boAa4gUscosId8h8Arm8UDLaIoJ5IqdNYrRb+AtXpBN2Clg0S2 z9KLbG7jNFAH4sqmIsYz2t+O8pQteMzQdbhoSx8KdaQgIqjUBd+dBXE3P0kndc0g 1No7qsDjavlD31uvXC6K+RO0bESW7kZbcscseO5xiiMNBCbWjKVjKo5DavNxmrTf W4DkMsSzmijKqBsoBgxizFiCF82NH+UXIY/PSNJ4h8KKwi377FRwVvjg8JC5TBPG Wpg6oNbHBTrWEmdlOcL6C13gjIDVtU3lWVomlGYkb7/t4KtjiorJuzuolcqpkRVp YfBN+OdHhpA= =MOG7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2016256 - Release of OpenShift Serverless Eventing 1.19.0 2016258 - Release of OpenShift Serverless Serving 1.19.0
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1998844 - virt-handler Pod is missing xorrisofs command 2008522 - "unable to execute QEMU agent command 'guest-get-users'" logs in virt-launcher pod every 10 seconds 2010334 - VM is not able to be migrated after failed migration 2012328 - 2.6.8 containers 2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1966", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "python", "scope": "gte", "trust": 1.0, "vendor": "python", "version": "3.8.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "python", "scope": "gte", "trust": 1.0, "vendor": "python", "version": "3.7.0" }, { "model": "enterprise linux server update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "extra packages for enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "7.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "solidfire\\, enterprise sds \\\u0026 hci storage node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "codeready linux builder for power little endian", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "python", "scope": "gte", "trust": 1.0, "vendor": "python", "version": "3.9.0" }, { "model": "enterprise linux for power little endian eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "management services for element software and netapp hci", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "3.6.14" }, { "model": "codeready linux builder", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "3.7.11" }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "3.9.5" }, { "model": "enterprise linux for ibm z systems eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "3.8.10" }, { "model": "enterprise linux server for power little endian update services for sap solutions", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.4" }, { "model": "python", "scope": "eq", "trust": 1.0, "vendor": "python", "version": "3.10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "enterprise linux for power little endian", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "hci compute node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "codeready linux builder for ibm z systems", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-3733" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165337" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "164741" }, { "db": "PACKETSTORM", "id": "165053" }, { "db": "PACKETSTORM", "id": "165008" } ], "trust": 0.6 }, "cve": "CVE-2021-3733", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2021-3733", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-397442", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2021-3733", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3733", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202109-1139", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-397442", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-3733", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-397442" }, { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "db": "NVD", "id": "CVE-2021-3733" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: python3.5 For Ubuntu 16.04 ESM. In Python3\u0027s Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619)\nThe package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. (CVE-2021-3737)\nftplib should not use the host from the PASV response (CVE-2021-4189)\nA flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like r and n in the URL path. This flaw allows an malicious user to input a crafted URL, leading to injection attacks. (CVE-2022-0391). Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with Container Images, for Red Hat 3scale\nAPI Management 2.11.1. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTHREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan\nTHREESCALE-6879 - [3scale][2.11][HI-prio] Add \u0027Create new Application\u0027 flow to Product \u003e Applications index\nTHREESCALE-7030 - Address scalability in \u0027Create new Application\u0027 form\nTHREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes\nTHREESCALE-7475 - Some api calls result in \"Destroying user session\"\nTHREESCALE-7488 - Ability to add external Lua dependencies for custom policies\nTHREESCALE-7573 - Enable proxy environment variables via the APICAST CRD\nTHREESCALE-7605 - type change of \"policies_config\" in /admin/api/services/{service_id}/proxy.json\nTHREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO\nTHREESCALE-7644 - Metrics: Service for 3scale operator is missing\nTHREESCALE-7646 - Cleanup/refactor Products and Backends index logic\nTHREESCALE-7648 - Remove \"#context-menu\" from the url\nTHREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm\nTHREESCALE-7731 - Reenable operator metrics service for apicast-operator\nTHREESCALE-7761 - 3scale Operator doesn\u0027t respect *_proxy env vars\nTHREESCALE-7765 - Remove MessageBus from System\nTHREESCALE-7834 - admin can\u0027t create application when developer is not allowed to pick a plan\nTHREESCALE-7863 - Update some Obsolete API\u0027s in 3scale_v2.js\nTHREESCALE-7884 - Service top application endpoint is not working properly\nTHREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error\nTHREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector\n\n6. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. ==========================================================================\nUbuntu Security Notice USN-5200-1\nDecember 17, 2021\n\npython3.7, python3.8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nPython could be made to crash if it receives specially crafted input \nfrom a malicious server. \n(CVE-2020-8492)\n\nIt was discovered that the urllib.request.AbstractBasicAuthHandler class\nin Python contains regex with a quadratic worst-case time complexity. \n(CVE-2021-3737)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2\n libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2\n python3.7 3.7.5-2ubuntu1~18.04.2\n python3.7-minimal 3.7.5-2ubuntu1~18.04.2\n python3.8 3.8.0-3ubuntu1~18.04.2\n python3.8-minimal 3.8.0-3ubuntu1~18.04.2\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method\n\n* CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack\n\n* CVE-2021-32627: redis: Integer overflow issue with Streams\n\n* CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure\n\n* CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser\n\n* CVE-2021-32675: redis: Denial of service via Redis Standard Protocol\n(RESP) request\n\n* CVE-2021-32687: redis: Integer overflow issue with intsets\n\n* CVE-2021-32690: helm: information disclosure vulnerability\n\n* CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing\narbitrary file creation and overwrite\n\n* CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization\nallowing arbitrary file creation and overwrite\n\n* CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are\nfollowed by a pointer to a root domain name\n\n* CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow\n\n* CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings\n\n* CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim\nfunction\n\n* CVE-2021-41099: redis: Integer overflow issue with strings\n\nBug fixes:\n\n* RFE ACM Application management UI doesn\u0027t reflect object status (Bugzilla\n#1965321)\n\n* RHACM 2.4 files (Bugzilla #1983663)\n\n* Hive Operator CrashLoopBackOff when deploying ACM with latest downstream\n2.4 (Bugzilla #1993366)\n\n* submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla\n#1994668)\n\n* ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to\nmulticluster pod in clb (Bugzilla #2000274)\n\n* pre-network-manager-config failed due to timeout when static config is\nused (Bugzilla #2003915)\n\n* InfraEnv condition does not reflect the actual error message (Bugzilla\n#2009204, 2010030)\n\n* Flaky test point to a nil pointer conditions list (Bugzilla #2010175)\n\n* InfraEnv status shows \u0027Failed to create image: internal error (Bugzilla\n#2010272)\n\n* subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla\n#2013157)\n\n* pre-network-manager-config failed due to timeout when static config is\nused (Bugzilla #2014084)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1965321 - RFE ACM Application management UI doesn\u0027t reflect object status\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1983663 - RHACM 2.4.0 images\n1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite\n1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite\n1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4\n1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot\n1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow\n1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb\n2003915 - pre-network-manager-config failed due to timeout when static config is used\n2009204 - InfraEnv condition does not reflect the actual error message\n2010030 - InfraEnv condition does not reflect the actual error message\n2010175 - Flaky test point to a nil pointer conditions list\n2010272 - InfraEnv status shows \u0027Failed to create image: internal error\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks\n2014084 - pre-network-manager-config failed due to timeout when static config is used\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: python3 security update\nAdvisory ID: RHSA-2021:4057-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4057\nIssue date: 2021-11-02\nCVE Names: CVE-2021-3733 \n=====================================================================\n\n1. Summary:\n\nAn update for python3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python: urllib: Regular expression DoS in AbstractBasicAuthHandler\n(CVE-2021-3733)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nplatform-python-debug-3.6.8-39.el8_4.aarch64.rpm\nplatform-python-devel-3.6.8-39.el8_4.aarch64.rpm\npython3-debuginfo-3.6.8-39.el8_4.aarch64.rpm\npython3-debugsource-3.6.8-39.el8_4.aarch64.rpm\npython3-idle-3.6.8-39.el8_4.aarch64.rpm\npython3-tkinter-3.6.8-39.el8_4.aarch64.rpm\n\nppc64le:\nplatform-python-debug-3.6.8-39.el8_4.ppc64le.rpm\nplatform-python-devel-3.6.8-39.el8_4.ppc64le.rpm\npython3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm\npython3-debugsource-3.6.8-39.el8_4.ppc64le.rpm\npython3-idle-3.6.8-39.el8_4.ppc64le.rpm\npython3-tkinter-3.6.8-39.el8_4.ppc64le.rpm\n\ns390x:\nplatform-python-debug-3.6.8-39.el8_4.s390x.rpm\nplatform-python-devel-3.6.8-39.el8_4.s390x.rpm\npython3-debuginfo-3.6.8-39.el8_4.s390x.rpm\npython3-debugsource-3.6.8-39.el8_4.s390x.rpm\npython3-idle-3.6.8-39.el8_4.s390x.rpm\npython3-tkinter-3.6.8-39.el8_4.s390x.rpm\n\nx86_64:\nplatform-python-3.6.8-39.el8_4.i686.rpm\nplatform-python-debug-3.6.8-39.el8_4.i686.rpm\nplatform-python-debug-3.6.8-39.el8_4.x86_64.rpm\nplatform-python-devel-3.6.8-39.el8_4.i686.rpm\nplatform-python-devel-3.6.8-39.el8_4.x86_64.rpm\npython3-debuginfo-3.6.8-39.el8_4.i686.rpm\npython3-debuginfo-3.6.8-39.el8_4.x86_64.rpm\npython3-debugsource-3.6.8-39.el8_4.i686.rpm\npython3-debugsource-3.6.8-39.el8_4.x86_64.rpm\npython3-idle-3.6.8-39.el8_4.i686.rpm\npython3-idle-3.6.8-39.el8_4.x86_64.rpm\npython3-test-3.6.8-39.el8_4.i686.rpm\npython3-tkinter-3.6.8-39.el8_4.i686.rpm\npython3-tkinter-3.6.8-39.el8_4.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\npython3-3.6.8-39.el8_4.src.rpm\n\naarch64:\nplatform-python-3.6.8-39.el8_4.aarch64.rpm\npython3-debuginfo-3.6.8-39.el8_4.aarch64.rpm\npython3-debugsource-3.6.8-39.el8_4.aarch64.rpm\npython3-libs-3.6.8-39.el8_4.aarch64.rpm\npython3-test-3.6.8-39.el8_4.aarch64.rpm\n\nppc64le:\nplatform-python-3.6.8-39.el8_4.ppc64le.rpm\npython3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm\npython3-debugsource-3.6.8-39.el8_4.ppc64le.rpm\npython3-libs-3.6.8-39.el8_4.ppc64le.rpm\npython3-test-3.6.8-39.el8_4.ppc64le.rpm\n\ns390x:\nplatform-python-3.6.8-39.el8_4.s390x.rpm\npython3-debuginfo-3.6.8-39.el8_4.s390x.rpm\npython3-debugsource-3.6.8-39.el8_4.s390x.rpm\npython3-libs-3.6.8-39.el8_4.s390x.rpm\npython3-test-3.6.8-39.el8_4.s390x.rpm\n\nx86_64:\nplatform-python-3.6.8-39.el8_4.x86_64.rpm\npython3-debuginfo-3.6.8-39.el8_4.i686.rpm\npython3-debuginfo-3.6.8-39.el8_4.x86_64.rpm\npython3-debugsource-3.6.8-39.el8_4.i686.rpm\npython3-debugsource-3.6.8-39.el8_4.x86_64.rpm\npython3-libs-3.6.8-39.el8_4.i686.rpm\npython3-libs-3.6.8-39.el8_4.x86_64.rpm\npython3-test-3.6.8-39.el8_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYD6u9zjgjWX9erEAQgCbg//S3byb5BXGosk0v+LDiREjmiOkmk9QpLJ\n8SCgT7ap9IRI6rghoGv7bsLpRyydrd8KR0pIDCQOJngEGZfJEUiwk6QhdFs0JHqG\naHb1JJCBGTyQ9b0jhrKlJKCvJJk9oscRhkVn2AYm9r4fAnwzSqLaTd+8/PxJrKi+\n7M6I3xh3MYVj5j8Y56GCXYbuAxQqNRPUunzLC8tr79zuVt1iH5qAbff/Dmtkpl4A\nzDDMp42s7UN1H+Y4pRo9b7MqJLpa1GjuZWsVr53QZu4al7Cbw+iAlz4R2P3pQVKv\nuHCkl7pWi+v22po5C55+djkPPzzu0NiVJ9CLI/gtI4lx7dJ6uKqNaPvetzuaKaR5\n9HEFIRat1V/jD/boAa4gUscosId8h8Arm8UDLaIoJ5IqdNYrRb+AtXpBN2Clg0S2\nz9KLbG7jNFAH4sqmIsYz2t+O8pQteMzQdbhoSx8KdaQgIqjUBd+dBXE3P0kndc0g\n1No7qsDjavlD31uvXC6K+RO0bESW7kZbcscseO5xiiMNBCbWjKVjKo5DavNxmrTf\nW4DkMsSzmijKqBsoBgxizFiCF82NH+UXIY/PSNJ4h8KKwi377FRwVvjg8JC5TBPG\nWpg6oNbHBTrWEmdlOcL6C13gjIDVtU3lWVomlGYkb7/t4KtjiorJuzuolcqpkRVp\nYfBN+OdHhpA=\n=MOG7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n2016256 - Release of OpenShift Serverless Eventing 1.19.0\n2016258 - Release of OpenShift Serverless Serving 1.19.0\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1998844 - virt-handler Pod is missing xorrisofs command\n2008522 - \"unable to execute QEMU agent command \u0027guest-get-users\u0027\" logs in virt-launcher pod every 10 seconds\n2010334 - VM is not able to be migrated after failed migration\n2012328 - 2.6.8 containers\n2013494 - [CNV-2.6.8] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-3733" }, { "db": "VULHUB", "id": "VHN-397442" }, { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "PACKETSTORM", "id": "165337" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165361" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "164741" }, { "db": "PACKETSTORM", "id": "165053" }, { "db": "PACKETSTORM", "id": "165008" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3733", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "164948", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165053", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164741", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "167043", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165363", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164859", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164993", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202109-1139", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.4095", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3774", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3941", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1025", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3839", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4292", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4172", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3659", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3138", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2021", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3979", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3813", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4307", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3589", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4238", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3519", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0245", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3878", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022051144", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022070422", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022061211", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122214", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022050235", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021112309", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "164190", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166913", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165008", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165337", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165361", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167023", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-397442", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-3733", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165631", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-397442" }, { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "PACKETSTORM", "id": "165337" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165361" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "164741" }, { "db": "PACKETSTORM", "id": "165053" }, { "db": "PACKETSTORM", "id": "165008" }, { "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "db": "NVD", "id": "CVE-2021-3733" } ] }, "id": "VAR-202109-1966", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-397442" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T20:58:50.093000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SUSE Linux Enterprise Server Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171073" }, { "title": "Red Hat: Moderate: python27-python and python27-python-pip security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221663 - Security Advisory" }, { "title": "Red Hat: Moderate: python27:2.7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221821 - Security Advisory" }, { "title": "IBM: Security Bulletin: IBM Sterling Control Center vulnerable to multiple issues to due IBM Cognos Analystics (CVE-2022-4160, CVE-2021-3733)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9d831a6a306a903e583b6a76777d1085" }, { "title": "Amazon Linux AMI: ALAS-2022-1593", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1593" }, { "title": "Amazon Linux 2: ALAS2-2022-1802", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1802" }, { "title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2022-34339, CVE-2021-3712, CVE-2021-3711, CVE-2021-4160, CVE-2021-29425, CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-43138, CVE-2022-24758)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cbece86f0c3bef5a678f2bb3dbbb854b" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "CNNVD", "id": "CNNVD-202109-1139" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-397442" }, { "db": "NVD", "id": "CVE-2021-3733" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20220407-0001/" }, { "trust": 1.8, "url": "https://bugs.python.org/issue43075" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234" }, { "trust": 1.8, "url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb" }, { "trust": 1.8, "url": "https://github.com/python/cpython/pull/24391" }, { "trust": 1.8, "url": "https://ubuntu.com/security/cve-2021-3733" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0245" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021112309" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3700" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3839" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122214" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-3733/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3138" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164859/red-hat-security-advisory-2021-4160-03.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051144" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022050235" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1025" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070422" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167043/red-hat-security-advisory-2022-1821-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164741/red-hat-security-advisory-2021-4057-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3659" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3813" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3979" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3878" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164190/ubuntu-security-notice-usn-5083-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3519" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166913/red-hat-security-advisory-2022-1663-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4307" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3774" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3941" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4238" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165363/ubuntu-security-notice-usn-5199-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3589" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022061211" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4095" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2021" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4292" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3656" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36385" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-0512" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1663" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-vulnerable-to-multiple-issues-to-due-ibm-cognos-analystics-cve-2022-4160-cve-2021-3733/" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/alas-2022-1593.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5191" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26247" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26247" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3575" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30689" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-18032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1801" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1788" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21779" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3948" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27828" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29338" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26926" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3272" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27824" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5200-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32626" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41099" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32690" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3711" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4057" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4766" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4725" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558" } ], "sources": [ { "db": "VULHUB", "id": "VHN-397442" }, { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "PACKETSTORM", "id": "165337" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165361" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "164741" }, { "db": "PACKETSTORM", "id": "165053" }, { "db": "PACKETSTORM", "id": "165008" }, { "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "db": "NVD", "id": "CVE-2021-3733" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-397442" }, { "db": "VULMON", "id": "CVE-2021-3733" }, { "db": "PACKETSTORM", "id": "165337" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165361" }, { "db": "PACKETSTORM", "id": "164948" }, { "db": "PACKETSTORM", "id": "164741" }, { "db": "PACKETSTORM", "id": "165053" }, { "db": "PACKETSTORM", "id": "165008" }, { "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "db": "NVD", "id": "CVE-2021-3733" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-10T00:00:00", "db": "VULHUB", "id": "VHN-397442" }, { "date": "2022-03-10T00:00:00", "db": "VULMON", "id": "CVE-2021-3733" }, { "date": "2021-12-17T14:04:30", "db": "PACKETSTORM", "id": "165337" }, { "date": "2022-01-20T17:48:29", "db": "PACKETSTORM", "id": "165631" }, { "date": "2021-12-17T19:23:35", "db": "PACKETSTORM", "id": "165361" }, { "date": "2021-11-12T17:01:04", "db": "PACKETSTORM", "id": "164948" }, { "date": "2021-11-02T15:33:39", "db": "PACKETSTORM", "id": "164741" }, { "date": "2021-11-23T17:10:05", "db": "PACKETSTORM", "id": "165053" }, { "date": "2021-11-18T17:07:15", "db": "PACKETSTORM", "id": "165008" }, { "date": "2021-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "date": "2022-03-10T17:42:59.623000", "db": "NVD", "id": "CVE-2021-3733" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-26T00:00:00", "db": "VULHUB", "id": "VHN-397442" }, { "date": "2022-10-26T00:00:00", "db": "VULMON", "id": "CVE-2021-3733" }, { "date": "2023-07-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1139" }, { "date": "2024-11-21T06:22:16.753000", "db": "NVD", "id": "CVE-2021-3733" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1139" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Python Resource Management Error Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1139" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1139" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.