var-202102-1092
Vulnerability from variot
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. GNOME GLib is vulnerable to a conversion error between numeric types. It may be put into a denial of service (DoS) state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements.

Gentoo Linux Security Advisory GLSA 202107-13
https://security.gentoo.org/
Severity: Normal
Title: GLib: Multiple vulnerabilities
Date: July 07, 2021
Bugs: #768753, #775632
ID: 202107-13
Synopsis
Multiple vulnerabilities have been found in GLib, the worst of which could result in the arbitrary execution of code.
Background
GLib is a library providing a number of GNOME's core objects and functions.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/glib < 2.66.8 >= 2.66.8
Description
Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All GLib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/glib-2.66.8"
References
[ 1 ] CVE-2021-27218 https://nvd.nist.gov/vuln/detail/CVE-2021-27218
[ 2 ] CVE-2021-27219 https://nvd.nist.gov/vuln/detail/CVE-2021-27219
[ 3 ] CVE-2021-28153 https://nvd.nist.gov/vuln/detail/CVE-2021-28153
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-13
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index
- Bugs fixed (https://bugzilla.redhat.com/):
1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang
1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang
1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places
- Summary:
An update is now available for the Migration Toolkit for Containers (MTC) 1.5.1.
Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Software Description: - glib2.0: GLib library of C routines
Details:
Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218)
Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.1
Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.2
Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.7
Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.7
After a standard system update you need to restart your session to make all the necessary changes.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2021:3263
Space precludes documenting all of the container images in this advisory.
Bug Fix(es):
- Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3 (BZ#1956462)
- OCP IPI Publish Internal - GCP: Load Balancer service with External Traffic Policy as Local is not working (BZ#1971669)
- [4.7] Unable to attach Vsphere volume shows the error "failed to get canonical path" (BZ#1973766)
- oc logs doesn't work with piepeline builds (BZ#1974264)
- "provisioned registration errors" cannot be reported (BZ#1976924)
- AWS Elastic IP permissions are incorrectly required (BZ#1981553)
- Memory consumption (container_memory_rss) steadily growing for /system.slice/kubelet.service when FIPS enabled [ocp 4.7] (BZ#1981580)
- Problematic Deployment creates infinite number Replicasets causing etcd to reach quota limit (BZ#1981775)
- Size of the hostname was preventing proper DNS resolution of the worker node names (BZ#1983695)
- (release-4.7) Insights status card shows nothing when 0 issues found (BZ#1986724)
- drop-icmp pod blocks direct SSH access to cluster nodes (BZ#1988426)
- Editing a Deployment drops annotations (BZ#1989642)
- [Kuryr][4.7] Duplicated egress rule for service network in knp object (BZ#1990175)
- Update failed - ovn-nbctl: duplicate nexthop for the same ECMP route (BZ#1991445)
- Unable to install a zVM hosted OCP 4.7.24 on Z Cluster based on new RHCOS 47 RHEL 8.4 based build (BZ#1992240)
- alerts: SystemMemoryExceedsReservation triggers too quickly (BZ#1992687)
- failed to start cri-o service due to /usr/libexec/crio/conmon is missing (BZ#1993386)
- Thanos build failure: vendor/ ignored (BZ#1994123)
- Ipv6 IP addresses are not accepted for whitelisting (BZ#1994645)
- upgrade from 4.6 to 4.7 to 4.8 with mcp worker "paused=true", crio report "panic: close of closed channel" which lead to a master Node go into Restart loop (BZ#1994729)
- linuxptp-daemon crash on 4.8 (BZ#1995579)
- long living clusters may fail to upgrade because of an invalid conmon path (BZ#1995810)
For more details about the security issue(s), refer to the CVE page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.28-x86_64
The image digest is sha256:b3f38d58057a12b0477bf28971390db3e3391ce1af8ac06e35d0aa9e8d8e5966
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.28-s390x
The image digest is sha256:30c2011f6d84b16960b981a07558f96a55e59a281449d25c5ccc778aaeb2f970
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.28-ppc64le
The image digest is sha256:52ebf0db5a36434357c24a64863025730d2159a94997333f15fbe1444fa88f4f
Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1863446 - [Assisted-4.5-M2] clean all does not remove ConfigMaps and PVC
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1956462 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3
1971669 - OCP IPI Publish Internal - GCP: Load Balancer service with External Traffic Policy as Local is not working
1973766 - [4.7] Unable to attach Vsphere volume shows the error "failed to get canonical path"
1974264 - oc logs doesn't work with piepeline builds
1976924 - "provisioned registration errors" cannot be reported
1981553 - AWS Elastic IP permissions are incorrectly required
1981775 - Problematic Deployment creates infinite number Replicasets causing etcd to reach quota limit
1983695 - Size of the hostname was preventing proper DNS resolution of the worker node names
1986724 - (release-4.7) Insights status card shows nothing when 0 issues found
1988426 - drop-icmp pod blocks direct SSH access to cluster nodes
1989642 - Editing a Deployment drops annotations
1990175 - [Kuryr][4.7] Duplicated egress rule for service network in knp object
1991445 - Update failed - ovn-nbctl: duplicate nexthop for the same ECMP route
1992240 - Unable to install a zVM hosted OCP 4.7.24 on Z Cluster based on new RHCOS 47 RHEL 8.4 based build
1992687 - alerts: SystemMemoryExceedsReservation triggers too quickly
1993386 - failed to start cri-o service due to /usr/libexec/crio/conmon is missing
1994123 - Thanos build failure: vendor/ ignored
1994645 - Ipv6 IP addresses are not accepted for whitelisting
1994729 - upgrade from 4.6 to 4.7 to 4.8 with mcp worker "paused=true", crio report "panic: close of closed channel" which lead to a master Node go into Restart loop
1995810 - long living clusters may fail to upgrade because of an invalid conmon path
1998112 - Networking issue with vSphere clusters running HW14 and later
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ACS 3.64 security and enhancement update
Advisory ID: RHSA-2021:3146-01
Product: RHACS
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3146
Issue date: 2021-08-11
CVE Names: CVE-2021-27218 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558
====================================================================
1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
- Red Hat Product Security has rated this update as having a "Moderate" security impact.
- A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the references section.
Description:
New Features
The release of RHACS 3.64 provides the following new features:
- You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
- The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource.
- RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).
Security Fixes
The release of RHACS 3.64 provides the following security fixes:
- golang: `net` lookup functions may return invalid hostnames (CVE-2021-33195)
- golang: `net/http/httputil` ReverseProxy forwards connection headers if the first one is empty (CVE-2021-33197)
- golang: `math/big.Rat` may cause panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
- golang: `crypto/tls` certificate of the wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages in the references section.
System changes
The release of RHACS 3.64 includes the following system changes:
- RHACS now pre-fixes the optional security context constraint name with `stackrox` to avoid global naming conflicts.
- Previously, violations for `port forwards` and `exec` events did not contain information about the user who performed the action that generated the events. The violations now include the user context.
- The cluster init bundles contain the secrets required for internal RHACS services to communicate with each other. You can delete these to rotate secrets, which have previously sometimes caused outages. This update includes a new deletion workflow that warns about the possible impact of deletion on your environment.
- The OpenShift compliance operator uses `rpm` only for querying, and it does not install any packages. Therefore, this update includes a policy exception for this pod by default to reduce the violations count.
Solution:
To take advantage of these new features and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.64
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
- JIRA issues fixed (https://issues.jboss.org/):
RHACS-25 - Release RHACS 3.64
- References:
https://access.redhat.com/security/cve/CVE-2021-27218
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://docs.openshift.com/acs/release_notes/364-release-notes.html
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Description:
Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This has been fixed (CVE-2021-3703).
Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution
2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)
2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster
2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1092", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "glib", "scope": "lt", "trust": 1.0, "vendor": "gnome", "version": "2.66.7" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "glib", "scope": "gte", "trust": 1.0, "vendor": "gnome", "version": 
"2.67.0" }, { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "glib", "scope": "lt", "trust": 1.0, "vendor": "gnome", "version": "2.67.4" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "brocade fabric operating system", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "glib", "scope": null, "trust": 0.8, "vendor": "gnome", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "164511" }, { "db": "PACKETSTORM", "id": "163957" }, { "db": "PACKETSTORM", "id": "164028" }, { "db": "PACKETSTORM", "id": "163806" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "PACKETSTORM", "id": "165099" } ], "trust": 0.6 }, "cve": "CVE-2021-27218", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-27218", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-386439", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-27218", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-27218", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": 
"CVE-2021-27218", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-27218", "trust": 0.8, "value": "High" }, { "author": "VULHUB", "id": "VHN-386439", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-27218", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-386439" }, { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-13\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: GLib: Multiple vulnerabilities\n Date: July 07, 2021\n Bugs: #768753, #775632\n ID: 202107-13\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in GLib, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nGLib is a library providing a number of GNOME\u0027s core objects and\nfunctions. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/glib \u003c 2.66.8 \u003e= 2.66.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in GLib. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GLib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/glib-2.66.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-27218\n https://nvd.nist.gov/vuln/detail/CVE-2021-27218\n[ 2 ] CVE-2021-27219\n https://nvd.nist.gov/vuln/detail/CVE-2021-27219\n[ 3 ] CVE-2021-28153\n https://nvd.nist.gov/vuln/detail/CVE-2021-28153\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-13\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n\n. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. 
It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management\n/2.11/html-single/installing_3scale/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang\n1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang\n1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places\n\n5. Summary:\n\nAn update is now available for the Migration Toolkit for Containers (MTC)\n1.5.1. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSoftware Description:\n- glib2.0: GLib library of C routines\n\nDetails:\n\nKrzesimir Nowak discovered that GLib incorrectly handled certain large\nbuffers. A remote attacker could use this issue to cause applications\nlinked to GLib to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2021-27218)\n\nKevin Backhouse discovered that GLib incorrectly handled certain memory\nallocations. A remote attacker could use this issue to cause applications\nlinked to GLib to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. 
(CVE-2021-27219)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libglib2.0-0 2.66.1-2ubuntu0.1\n\nUbuntu 20.04 LTS:\n libglib2.0-0 2.64.6-1~ubuntu20.04.2\n\nUbuntu 18.04 LTS:\n libglib2.0-0 2.56.4-0ubuntu0.18.04.7\n\nUbuntu 16.04 LTS:\n libglib2.0-0 2.48.2-0ubuntu4.7\n\nAfter a standard system update you need to restart your session to make all\nthe necessary changes. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2021:3263\n\nSpace precludes documenting all of the container images in this advisory. \n\nBug Fix(es):\n\n* Machine Config Operator degrades during cluster update with failed to\nconvert Ignition config spec v2 to v3 (BZ#1956462)\n\n* OCP IPI Publish Internal - GCP: Load Balancer service with External\nTraffic Policy as Local is not working (BZ#1971669)\n\n* [4.7] Unable to attach Vsphere volume shows the error \"failed to get\ncanonical path\" (BZ#1973766)\n\n* oc logs doesn\u0027t work with piepeline builds (BZ#1974264)\n\n* \"provisioned registration errors\" cannot be reported (BZ#1976924)\n\n* AWS Elastic IP permissions are incorrectly required (BZ#1981553)\n\n* Memory consumption (container_memory_rss) steadily growing for\n/system.slice/kubelet.service when FIPS enabled [ocp 4.7] (BZ#1981580)\n\n* Problematic Deployment creates infinite number Replicasets causing etcd\nto reach quota limit (BZ#1981775)\n\n* Size of the hostname was preventing proper DNS resolution of the worker\nnode names (BZ#1983695)\n\n* (release-4.7) Insights status card shows nothing when 0 issues found\n(BZ#1986724)\n\n* drop-icmp pod blocks direct SSH access to cluster nodes (BZ#1988426)\n\n* Editing a Deployment drops annotations 
(BZ#1989642)\n\n* [Kuryr][4.7] Duplicated egress rule for service network in knp object\n(BZ#1990175)\n\n* Update failed - ovn-nbctl: duplicate nexthop for the same ECMP route\n(BZ#1991445)\n\n* Unable to install a zVM hosted OCP 4.7.24 on Z Cluster based on new RHCOS\n47 RHEL 8.4 based build (BZ#1992240)\n\n* alerts: SystemMemoryExceedsReservation triggers too quickly (BZ#1992687)\n\n* failed to start cri-o service due to /usr/libexec/crio/conmon is missing\n(BZ#1993386)\n\n* Thanos build failure: vendor/ ignored (BZ#1994123)\n\n* Ipv6 IP addresses are not accepted for whitelisting (BZ#1994645)\n\n* upgrade from 4.6 to 4.7 to 4.8 with mcp worker \"paused=true\", crio\nreport \"panic: close of closed channel\" which lead to a master Node go into\nRestart loop (BZ#1994729)\n\n* linuxptp-daemon crash on 4.8 (BZ#1995579)\n\n* long living clusters may fail to upgrade because of an invalid conmon\npath (BZ#1995810)\n\nFor more details about the security issue(s), refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.28-x86_64\n\nThe image digest is\nsha256:b3f38d58057a12b0477bf28971390db3e3391ce1af8ac06e35d0aa9e8d8e5966\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.28-s390x\n\nThe image digest is\nsha256:30c2011f6d84b16960b981a07558f96a55e59a281449d25c5ccc778aaeb2f970\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.28-ppc64le\n\nThe image digest is\nsha256:52ebf0db5a36434357c24a64863025730d2159a94997333f15fbe1444fa88f4f\n\nInstructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. 
Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1863446 - [Assisted-4.5-M2] clean all does not remove ConfigMaps and PVC\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1956462 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3\n1971669 - OCP IPI Publish Internal - GCP: Load Balancer service with External Traffic Policy as Local is not working\n1973766 - [4.7] Unable to attach Vsphere volume shows the error \"failed to get canonical path\"\n1974264 - oc logs doesn\u0027t work with piepeline builds\n1976924 - \"provisioned registration errors\" cannot be reported\n1981553 - AWS Elastic IP permissions are incorrectly required\n1981775 - Problematic Deployment creates infinite number Replicasets causing etcd to reach quota limit\n1983695 - Size of the hostname was preventing proper DNS resolution of the worker node names\n1986724 - (release-4.7) Insights status card shows nothing when 0 issues found\n1988426 - drop-icmp pod blocks direct SSH access to cluster nodes\n1989642 - Editing a Deployment drops annotations\n1990175 - [Kuryr][4.7] Duplicated egress rule for service network in knp object\n1991445 - Update failed - ovn-nbctl: duplicate nexthop for the same ECMP route\n1992240 - Unable to install a zVM hosted OCP 4.7.24 on Z Cluster based on new RHCOS 47 RHEL 8.4 based build\n1992687 - alerts: SystemMemoryExceedsReservation triggers too quickly\n1993386 - failed to start 
cri-o service due to /usr/libexec/crio/conmon is missing\n1994123 - Thanos build failure: vendor/ ignored\n1994645 - Ipv6 IP addresses are not accepted for whitelisting\n1994729 - upgrade from 4.6 to 4.7 to 4.8 with mcp worker \"paused=true\", crio report \"panic: close of closed channel\" which lead to a master Node go into Restart loop\n1995810 - long living clusters may fail to upgrade because of an invalid conmon path\n1998112 - Networking issue with vSphere clusters running HW14 and later\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.64 security and enhancement update\nAdvisory ID: RHSA-2021:3146-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3146\nIssue date: 2021-08-11\nCVE Names: CVE-2021-27218 CVE-2021-33195 CVE-2021-33197\n CVE-2021-33198 CVE-2021-34558\n====================================================================\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\n* Red Hat Product Security has rated this update as having a \"Moderate\"\nsecurity impact. \n* A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlinks in the references section. \n\n2. Description:\n\nNew Features\nThe release of RHACS 3.64 provides the following new features:\n\n1. You can now use deployment and namespace annotations to define where\nRHACS sends the violation notifications when configuring your notifiers\nsuch as Slack, Microsoft Teams, Email, and others. \n2. The Red Hat Advanced Cluster Security Operator now supports the ability\nto allow users to set the enforcement behavior of the admission controller\nas part of their custom resource. \n3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended\nsecurity maintenance (ESM). 
\n\nSecurity Fixes\nThe release of RHACS 3.64 provides the following security fixes:\n\n* golang: `net` lookup functions may return invalid hostnames\n(CVE-2021-33195)\n* golang: `net/http/httputil` ReverseProxy forwards connection headers if\nthe first one is empty (CVE-2021-33197)\n* golang: `math/big.Rat` may cause panic or an unrecoverable fatal error if\npassed inputs with very large exponents (CVE-2021-33198)\n* golang: `crypto/tls` certificate of the wrong type is causing TLS client\nto panic (CVE-2021-34558)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages in the references section. \n\nSystem changes\nThe release of RHACS 3.64 includes the following system changes:\n\n1. RHACS now pre-fixes the optional security context constraint name with\n`stackrox` to avoid global naming conflicts. \n2. Previously, violations for `port forwards` and `exec` events did not\ncontain information about the user who performed the action that generated\nthe events. The violations now include the user context. \n3. The cluster init bundles contain the secrets required for internal RHACS\nservices to communicate with each other. You can delete these to rotate\nsecrets, which have previously sometimes caused outages. This update\nincludes a new deletion workflow that warns about the possible impact of\ndeletion on your environment. \n4. The OpenShift compliance operator uses `rpm` only for querying, and it\ndoes not install any packages. Therefore, this update includes a policy\nexception for this pod by default to reduce the violations count. \n\n3. Solution:\n\nTo take advantage of these new features and changes, please upgrade Red Hat\nAdvanced Cluster Security for Kubernetes to version 3.64\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-25 - Release RHACS 3.64\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-33195\nhttps://access.redhat.com/security/cve/CVE-2021-33197\nhttps://access.redhat.com/security/cve/CVE-2021-33198\nhttps://access.redhat.com/security/cve/CVE-2021-34558\nhttps://docs.openshift.com/acs/release_notes/364-release-notes.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless\nOperator. This has been fixed (CVE-2021-3703). 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "VULHUB", "id": "VHN-386439" }, { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "PACKETSTORM", "id": "163426" }, { "db": "PACKETSTORM", "id": "164511" }, { "db": "PACKETSTORM", "id": "163957" }, { "db": "PACKETSTORM", "id": "161714" }, { "db": "PACKETSTORM", "id": "164028" }, { "db": "PACKETSTORM", "id": "163806" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "PACKETSTORM", "id": "165099" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-27218", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2021-003856", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163426", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165099", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161714", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "164856", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-386439", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-27218", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164511", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163957", "trust": 0.1 }, { "db": "PACKETSTORM", 
"id": "164028", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "163806", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164192", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386439" }, { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "PACKETSTORM", "id": "163426" }, { "db": "PACKETSTORM", "id": "164511" }, { "db": "PACKETSTORM", "id": "163957" }, { "db": "PACKETSTORM", "id": "161714" }, { "db": "PACKETSTORM", "id": "164028" }, { "db": "PACKETSTORM", "id": "163806" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "id": "VAR-202102-1092", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-386439" } ], "trust": 0.725 }, "last_update_date": "2024-09-19T20:27:48.927000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "gbytearray", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/" }, { "title": "Amazon Linux 2: ALAS2-2021-1711", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1711" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-27218 log" }, { "title": "Red Hat: Important: Service Telemetry Framework 1.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security 
update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2021-27218 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-681", "trust": 1.1 }, { "problemtype": "Incorrect conversion between numeric types (CWE-681) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386439" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218" }, { "trust": 1.3, "url": "https://security.gentoo.org/glsa/202107-13" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20210319-0004/" }, { "trust": 1.2, "url": "https://gitlab.gnome.org/gnome/glib/-/merge_requests/1942" }, { "trust": 1.2, "url": "https://gitlab.gnome.org/gnome/glib/-/merge_requests/1944" }, { "trust": 1.2, "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e" }, { "trust": 1.1, "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33195" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33197" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33198" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558" }, { "trust": 0.2, 
"url": "https://access.redhat.com/security/cve/cve-2021-3609" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22543" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22555" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.1, "url": 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/681.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-27218" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/al2/alas-2021-1711.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8911" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3442" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8911" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3442" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3653" }, 
{ "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3851" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3517" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/migration-toolkit-for-con" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25737" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21639" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3516" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25735" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2021-22918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3636" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3636" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/glib2.0/2.64.6-1~ubuntu20.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/glib2.0/2.56.4-0ubuntu0.18.04.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/glib2.0/2.66.1-2ubuntu0.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-4759-1" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3262" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:3263" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3146" }, { "trust": 0.1, "url": "https://docs.openshift.com/acs/release_notes/364-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 
0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3556" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3703" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4848" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-386439" }, { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "PACKETSTORM", "id": "163426" }, { "db": "PACKETSTORM", "id": "164511" }, { "db": "PACKETSTORM", "id": "163957" }, { "db": "PACKETSTORM", "id": "161714" }, { "db": "PACKETSTORM", "id": "164028" }, { "db": "PACKETSTORM", "id": "163806" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-386439" }, { "db": "VULMON", "id": "CVE-2021-27218" }, { "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "db": "PACKETSTORM", "id": "163426" }, { "db": "PACKETSTORM", "id": "164511" }, { "db": "PACKETSTORM", "id": "163957" }, { "db": "PACKETSTORM", "id": "161714" }, { "db": "PACKETSTORM", "id": "164028" }, { "db": "PACKETSTORM", "id": "163806" }, { "db": "PACKETSTORM", "id": "164192" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "NVD", "id": "CVE-2021-27218" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-15T00:00:00", "db": "VULHUB", "id": "VHN-386439" }, { "date": "2021-02-15T00:00:00", "db": "VULMON", "id": "CVE-2021-27218" }, { "date": "2021-11-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "date": "2021-07-07T16:09:05", "db": "PACKETSTORM", "id": "163426" }, { "date": "2021-10-14T15:19:59", "db": "PACKETSTORM", "id": "164511" }, { "date": "2021-08-31T15:44:34", "db": "PACKETSTORM", "id": "163957" }, { "date": "2021-03-09T16:02:39", "db": "PACKETSTORM", "id": "161714" }, { "date": "2021-09-02T15:23:31", "db": "PACKETSTORM", "id": "164028" }, { "date": "2021-08-12T15:48:34", "db": "PACKETSTORM", "id": "163806" }, { "date": "2021-09-17T16:04:56", "db": 
"PACKETSTORM", "id": "164192" }, { "date": "2021-11-30T14:44:48", "db": "PACKETSTORM", "id": "165099" }, { "date": "2021-02-15T17:15:13.073000", "db": "NVD", "id": "CVE-2021-27218" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-07T00:00:00", "db": "VULHUB", "id": "VHN-386439" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-27218" }, { "date": "2021-11-08T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-003856" }, { "date": "2023-11-07T03:31:55.853000", "db": "NVD", "id": "CVE-2021-27218" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161714" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GNOME\u00a0GLib\u00a0 Vulnerability in conversion between numeric types in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-003856" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "163426" }, { "db": "PACKETSTORM", "id": "161714" } ], "trust": 0.2 } }