CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
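The matching flaw described above can be modelled in a few lines. This is an added example, not libcurl's source code: the `tls_config` struct, the function names and the sample paths are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Hypothetical model of the TLS settings a pooled connection was set up
   with. Field names are illustrative, not libcurl's internal layout. */
struct tls_config {
    bool        verify_peer;
    const char *ca_file;      /* CA bundle path, may be NULL */
    const char *ca_path;      /* CA directory path, may be NULL */
    const char *issuer_cert;  /* issuer certificate path, may be NULL */
};

/* NULL-safe comparisons: two NULLs match, NULL never matches a string. */
static bool same_nocase(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;
    return strcasecmp(a, b) == 0;
}

static bool same_exact(const char *a, const char *b)
{
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Flawed check as the description states it: paths are compared case
   insensitively and issuer_cert is not compared at all. */
bool config_matches_flawed(const struct tls_config *want,
                           const struct tls_config *conn)
{
    return want->verify_peer == conn->verify_peer &&
           same_nocase(want->ca_file, conn->ca_file) &&
           same_nocase(want->ca_path, conn->ca_path);
}

/* Corrected check: byte-exact path comparison, issuer_cert included. */
bool config_matches_strict(const struct tls_config *want,
                           const struct tls_config *conn)
{
    return want->verify_peer == conn->verify_peer &&
           same_exact(want->ca_file, conn->ca_file) &&
           same_exact(want->ca_path, conn->ca_path) &&
           same_exact(want->issuer_cert, conn->issuer_cert);
}

/* Constructed sample data: one pooled connection and two new transfers
   that differ from it only by path case or only by issuer certificate. */
static const struct tls_config pooled_conn =
    { true, "/etc/pki/Internal-CA.pem", NULL, "/etc/pki/issuer-a.pem" };
static const struct tls_config case_variant =
    { true, "/etc/pki/internal-ca.pem", NULL, "/etc/pki/issuer-a.pem" };
static const struct tls_config issuer_variant =
    { true, "/etc/pki/Internal-CA.pem", NULL, "/etc/pki/issuer-b.pem" };

int main(void)
{
    printf("case variant:   flawed=%d strict=%d\n",
           config_matches_flawed(&case_variant, &pooled_conn),
           config_matches_strict(&case_variant, &pooled_conn));
    printf("issuer variant: flawed=%d strict=%d\n",
           config_matches_flawed(&issuer_variant, &pooled_conn),
           config_matches_strict(&issuer_variant, &pooled_conn));
    return 0;
}
```

On a case-sensitive file system the two CA file paths can name different trust stores, so the flawed check lets a transfer reuse a connection that was verified against settings it did not ask for.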
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf Third Party Advisory
https://hackerone.com/reports/1223565 Exploit Issue Tracking Patch Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5197 Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

Configuration 6

OR cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*

Configuration 26

cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*

Configuration 27

AND
cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 28

OR cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*

History

27 Mar 2024, 15:11

Type Values Removed Values Added
First Time Splunk
Splunk universal Forwarder
References () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E - () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E - () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E - () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E - () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - Mailing List, Third Party Advisory
CPE cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*

07 Nov 2023, 03:30

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E', 'name': '[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E', 'name': '[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E', 'name': '[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E', 'name': '[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/', 'name': 'FEDORA-2021-5d21b90a30', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E -
  • () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ -
  • () https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E -
  • () https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E -

28 Oct 2022, 19:12

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - (DEBIAN) https://www.debian.org/security/2022/dsa-5197 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

29 Aug 2022, 01:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html -

02 Aug 2022, 03:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5197 -

28 Jul 2022, 14:05

Type Values Removed Values Added
First Time Siemens scalance M804pb
Siemens scalance M804pb Firmware
Siemens scalance M826-2
Siemens ruggedcomrm 1224 Lte
Siemens logo\! Cmr2040 Firmware
Siemens scalance M874-2
Siemens scalance M876-3
Siemens simatic Rtu 3041c
Siemens simatic Rtu3010c
Siemens scalance M812-1 Firmware
Siemens simatic Rtu3030c Firmware
Siemens logo\! Cmr2020 Firmware
Siemens scalance S615 Firmware
Siemens siplus Net Cp 1543-1 Firmware
Siemens simatic Rtu 3041c Firmware
Siemens sinec Infrastructure Network Services
Siemens scalance M816-1
Siemens scalance Mum856-1
Siemens sinema Remote Connect Server
Siemens simatic Rtu3010c Firmware
Siemens simatic Rtu3031c Firmware
Siemens scalance M874-3 Firmware
Siemens simatic Cp 1545-1 Firmware
Siemens simatic Cp 1543-1
Siemens scalance S615
Siemens scalance M874-3
Siemens siplus Net Cp 1543-1
Siemens
Siemens logo\! Cmr2020
Siemens scalance M876-4 Firmware
Siemens simatic Cp 1545-1
Siemens scalance M826-2 Firmware
Siemens simatic Cp 1543-1 Firmware
Siemens scalance M812-1
Siemens ruggedcomrm 1224 Lte Firmware
Siemens scalance M816-1 Firmware
Siemens simatic Rtu3031c
Siemens logo\! Cmr2040
Netapp cloud Backup
Siemens scalance M874-2 Firmware
Siemens scalance Mum856-1 Firmware
Siemens sinema Remote Connect
Siemens scalance M876-3 Firmware
Siemens simatic Rtu3030c
Siemens scalance M876-4
Netapp solidfire Baseboard Management Controller Firmware
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf - Third Party Advisory
CPE cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*

14 Jun 2022, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf -

10 May 2022, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf -

10 Mar 2022, 17:41

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf -

04 Mar 2022, 18:43

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
First Time Oracle peoplesoft Enterprise Peopletools
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

10 Dec 2021, 17:07

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

20 Oct 2021, 11:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

07 Sep 2021, 15:16

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
References (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210902-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210902-0003/ - Third Party Advisory
CVSS Removed: v2 : 5.8, v3 : 7.4; Added: v2 : 4.3, v3 : 3.7

02 Sep 2021, 09:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210902-0003/ -

02 Sep 2021, 04:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E -

31 Aug 2021, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E -

16 Aug 2021, 17:12

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html - Mailing List, Third Party Advisory
References (MISC) https://hackerone.com/reports/1223565 - (MISC) https://hackerone.com/reports/1223565 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ - Mailing List, Third Party Advisory
CWE CWE-706
CPE cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS Removed: v2 : unknown, v3 : unknown; Added: v2 : 5.8, v3 : 7.4

13 Aug 2021, 07:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/ -

05 Aug 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-05 21:15

Updated : 2024-03-27 15:11


NVD link : CVE-2021-22924

Mitre link : CVE-2021-22924

CVE.ORG link : CVE-2021-22924


Products Affected

oracle

  • mysql_server
  • peoplesoft_enterprise_peopletools

siemens

  • scalance_m876-3
  • scalance_mum856-1
  • scalance_m874-2
  • scalance_m876-3_firmware
  • simatic_rtu3031c
  • scalance_m874-3_firmware
  • logo\!_cmr2020_firmware
  • scalance_m812-1_firmware
  • logo\!_cmr2020
  • scalance_m804pb_firmware
  • ruggedcomrm_1224_lte_firmware
  • scalance_m816-1_firmware
  • scalance_m804pb
  • simatic_cp_1545-1
  • sinema_remote_connect_server
  • logo\!_cmr2040
  • siplus_net_cp_1543-1_firmware
  • scalance_m812-1
  • scalance_mum856-1_firmware
  • simatic_rtu3010c_firmware
  • simatic_cp_1543-1
  • scalance_m826-2_firmware
  • sinema_remote_connect
  • simatic_rtu3030c_firmware
  • scalance_s615
  • simatic_rtu3010c
  • logo\!_cmr2040_firmware
  • simatic_rtu_3041c_firmware
  • scalance_m874-3
  • scalance_m816-1
  • scalance_s615_firmware
  • scalance_m874-2_firmware
  • scalance_m876-4
  • ruggedcomrm_1224_lte
  • simatic_rtu_3041c
  • siplus_net_cp_1543-1
  • scalance_m876-4_firmware
  • simatic_cp_1545-1_firmware
  • scalance_m826-2
  • simatic_rtu3030c
  • simatic_rtu3031c_firmware
  • sinec_infrastructure_network_services
  • simatic_cp_1543-1_firmware

debian

  • debian_linux

netapp

  • clustered_data_ontap
  • cloud_backup
  • solidfire_baseboard_management_controller_firmware
  • solidfire_\&_hci_management_node

splunk

  • universal_forwarder

fedoraproject

  • fedora

haxx

  • libcurl
CWE
CWE-706

Use of Incorrectly-Resolved Name or Reference

CWE-20

Improper Input Validation