CVE-2021-22924 (GCVE-0-2021-22924)

Vulnerability from cvelistv5 – Published: 2021-08-05 20:16 – Updated: 2025-06-09 15:02

Summary

Severity

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-20 - Improper Input Validation (CWE-20)

Assigner

hackerone

References

15 references

URL	Tags
https://hackerone.com/reports/1223565	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r61db8e7dcb5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r61db8e7dcb5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbf4ce74b0d1…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021090…	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5197	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	https://github.com/curl/curl	Affected: curl 7.10.4 to and include curl 7.77.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:25.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1223565"
          },
          {
            "name": "FEDORA-2021-5d21b90a30",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
          },
          {
            "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
          },
          {
            "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-22924",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-27T19:35:55.513610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:02:19.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "curl 7.10.4 to and include curl 7.77.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T00:06:17.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1223565"
        },
        {
          "name": "FEDORA-2021-5d21b90a30",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
        },
        {
          "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
        },
        {
          "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2021-22924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/curl/curl",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "curl 7.10.4 to and include curl 7.77.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation (CWE-20)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/1223565",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1223565"
            },
            {
              "name": "FEDORA-2021-5d21b90a30",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
            },
            {
              "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
            },
            {
              "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
            },
            {
              "name": "DSA-5197",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5197"
            },
            {
              "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22924",
    "datePublished": "2021-08-05T20:16:56.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2025-06-09T15:02:19.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-22924",
      "date": "2026-05-27",
      "epss": "0.00746",
      "percentile": "0.73291"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22924\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-08-05T21:15:11.380\",\"lastModified\":\"2025-06-09T15:15:24.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.\"},{\"lang\":\"es\",\"value\":\"libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuraci\u00f3n. Debido a errores en la l\u00f3gica, la funci\u00f3n de coincidencia de la configuraci\u00f3n no ten\u00eda en cuenta \\\"issuercert\\\" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que pod\u00eda conllevar a que libcurl reusara conexiones err\u00f3neas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparaci\u00f3n tampoco inclu\u00eda el \\\"issuercert\\\" que una transferencia puede ajustar para calificar c\u00f3mo verificar el certificado del servidor\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-706\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.10.4\",\"versionEndExcluding\":\"7.77.0\",\"matchCriteriaId\":\"6FDD6146-08DE-414A-AF65-668F1A002099\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire_\\\\\u0026_hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D700C5-F67F-4FFB-BE69-D524592A3D2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9B8171-F6CA-427D-81E0-6536D3BBFA8D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.36\",\"matchCriteriaId\":\"2E74B879-B396-496C-979B-8A7211EDCA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.26\",\"matchCriteriaId\":\"709E83B4-8C66-4255-870B-2F72B37BA8C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.1\",\"matchCriteriaId\":\"B0F46497-4AB0-49A7-9453-CC26837BF253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"98CC9C9A-FE14-4D50-A8EC-C309229356C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:logo\\\\!_cmr2040_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F58182A-EB6D-442B-846A-8BD5BE4313E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:logo\\\\!_cmr2040:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ED47A12-5637-40E2-BE39-B76B789C0DFD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:logo\\\\!_cmr2020_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E0D5C4-F0DA-42D9-A594-CB1BE6E7451F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:logo\\\\!_cmr2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8E5F42B-63E3-4B2D-A03F-983F51EE0648\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"139740E9-9828-4F2E-B11D-3BFE1B96992C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A650A1E-4DB0-415A-9BF4-0016798CD622\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"44695DA0-6E69-4444-BEBB-391E818B9FC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6EBA42A-93FF-4883-8626-EF78D38374D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"87B7BB84-89FC-440B-9647-6D5E99C46AED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EAEF72-8B41-44E0-A33B-753AF85A3106\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"F93C36C9-9E80-48B6-8025-0DA656B7AE0B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5908438F-2575-46EB-AC96-5F33D018AFAC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"15374104-A17C-44B4-801F-C81D3FB97527\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60458734-FF87-48E9-9B63-5AB9EA5ED0E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"E587E31C-E9CA-4925-A2FE-22F46C5A3E81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C933ED27-2206-4734-8EB8-6A6431D1FBF1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"DE82B624-BD88-4B43-A590-FF39D136A4D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3258DC7-0461-4C65-8292-85C9965EA83D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"AC0626BD-AAE2-4853-AC96-8A3F2516A972\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD221BA9-3448-49E4-B3A3-D88B939785AC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"60DD88D4-3DB3-473C-8613-AE425E7DF03C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E4CCE9-71F7-4960-B7DE-5298EFB7C619\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"03B602E7-05E4-42F7-8850-2369F118D32C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17BEBCAB-D640-4F6D-9579-4A54C76D80F8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"116A0913-61A8-41EA-89D1-AC46384254B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E917CBBB-EF41-4113-B0CA-EB91889235E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.22\",\"matchCriteriaId\":\"BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FDE92FB-38C7-46E8-9208-BBD7872219D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1\",\"matchCriteriaId\":\"D599BF67-DFBB-4107-ACD9-1231D12EC9B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C557DEBB-B71C-42E5-BBCE-0CFF3D10D700\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.14\",\"matchCriteriaId\":\"22BE5ED5-4690-4D60-AA95-915CC02266E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F32339C-D992-45F3-B975-D3E1118B881E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.14\",\"matchCriteriaId\":\"BD88F06C-6E0F-463C-94E5-CB68601D728E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A66DD04-4C58-45D8-A8C5-6817B05DBA14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.14\",\"matchCriteriaId\":\"BBFBC62C-7F21-4312-B6BB-FC80894100BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F0595C-286F-4EB1-8C25-D20FB92A95A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.14\",\"matchCriteriaId\":\"74D4B0B4-6F7C-43CF-AFB8-6C53BA5C6577\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F30B6004-31BF-408A-B1C5-4A7937391F41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"2C5E4FE6-D2D5-40E4-A68C-6EA6AC7E1A3C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.22\",\"matchCriteriaId\":\"43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7AB0D5-FD3E-416A-975B-D212B3350433\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.12\",\"matchCriteriaId\":\"5722E753-75DE-4944-A11B-556CB299B57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.6\",\"matchCriteriaId\":\"DC0F9351-81A4-4FEA-B6B5-6E960A933D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1223565\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210902-0003/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5197\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1223565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210902-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://hackerone.com/reports/1223565\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/\", \"name\": \"FEDORA-2021-5d21b90a30\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210902-0003/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5197\", \"name\": \"DSA-5197\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T18:58:25.955Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-22924\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-27T19:35:55.513610Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T15:01:54.946Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"https://github.com/curl/curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"curl 7.10.4 to and include curl 7.77.0\"}]}], \"references\": [{\"url\": \"https://hackerone.com/reports/1223565\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/\", \"name\": \"FEDORA-2021-5d21b90a30\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210902-0003/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5197\", \"name\": \"DSA-5197\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation (CWE-20)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2022-08-29T00:06:17.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"curl 7.10.4 to and include curl 7.77.0\"}]}, \"product_name\": \"https://github.com/curl/curl\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://hackerone.com/reports/1223565\", \"name\": \"https://hackerone.com/reports/1223565\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/\", \"name\": \"FEDORA-2021-5d21b90a30\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E\", \"name\": \"[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E\", \"name\": \"[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210902-0003/\", \"name\": \"https://security.netapp.com/advisory/ntap-20210902-0003/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5197\", \"name\": \"DSA-5197\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update\", \"refsource\": \"MLIST\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Improper Input Validation (CWE-20)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-22924\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"support@hackerone.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-22924\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-09T15:02:19.721Z\", \"dateReserved\": \"2021-01-06T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2021-08-05T20:16:56.000Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

SUSE-SU-2021:2425-1

Vulnerability from csaf_suse - Published: 2021-07-21 09:26 - Updated: 2021-07-21 09:26

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Description of the patch: This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

Patchnames: SUSE-2021-2425,SUSE-OpenStack-Cloud-9-2021-2425,SUSE-OpenStack-Cloud-Crowbar-9-2021-2425,SUSE-SLE-SAP-12-SP4-2021-2425,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2425

CVE-2021-22922

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22923

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22924

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22925

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1188217	self
https://bugzilla.suse.com/1188218	self
https://bugzilla.suse.com/1188219	self
https://bugzilla.suse.com/1188220	self
https://www.suse.com/security/cve/CVE-2021-22922/	self
https://www.suse.com/security/cve/CVE-2021-22923/	self
https://www.suse.com/security/cve/CVE-2021-22924/	self
https://www.suse.com/security/cve/CVE-2021-22925/	self
https://www.suse.com/security/cve/CVE-2021-22922	external
https://bugzilla.suse.com/1188217	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22923	external
https://bugzilla.suse.com/1188218	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22924	external
https://bugzilla.suse.com/1188219	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external
https://www.suse.com/security/cve/CVE-2021-22925	external
https://bugzilla.suse.com/1188220	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\n- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)\n- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)\n- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)\n- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2425,SUSE-OpenStack-Cloud-9-2021-2425,SUSE-OpenStack-Cloud-Crowbar-9-2021-2425,SUSE-SLE-SAP-12-SP4-2021-2425,SUSE-SLE-SERVER-12-SP4-LTSS-2021-2425",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2425-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2425-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212425-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2425-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009187.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188217",
        "url": "https://bugzilla.suse.com/1188217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188218",
        "url": "https://bugzilla.suse.com/1188218"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188219",
        "url": "https://bugzilla.suse.com/1188219"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188220",
        "url": "https://bugzilla.suse.com/1188220"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22922 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22922/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22923 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22923/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22924 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22925 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22925/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2021-07-21T09:26:20Z",
      "generator": {
        "date": "2021-07-21T09:26:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2425-1",
      "initial_release_date": "2021-07-21T09:26:20Z",
      "revision_history": [
        {
          "date": "2021-07-21T09:26:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "curl-7.60.0-4.25.1.aarch64",
                  "product_id": "curl-7.60.0-4.25.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.aarch64",
                  "product_id": "curl-mini-7.60.0-4.25.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.aarch64",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.aarch64",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.aarch64",
                  "product_id": "libcurl4-7.60.0-4.25.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.aarch64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.aarch64",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-64bit-7.60.0-4.25.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl-devel-64bit-7.60.0-4.25.1.aarch64_ilp32",
                  "product_id": "libcurl-devel-64bit-7.60.0-4.25.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-64bit-7.60.0-4.25.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl4-64bit-7.60.0-4.25.1.aarch64_ilp32",
                  "product_id": "libcurl4-64bit-7.60.0-4.25.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.i586",
                "product": {
                  "name": "curl-7.60.0-4.25.1.i586",
                  "product_id": "curl-7.60.0-4.25.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.i586",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.i586",
                  "product_id": "curl-mini-7.60.0-4.25.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.i586",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.i586",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.i586",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.i586",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.i586",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.i586",
                  "product_id": "libcurl4-7.60.0-4.25.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.i586",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.i586",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "curl-7.60.0-4.25.1.ppc64le",
                  "product_id": "curl-7.60.0-4.25.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.ppc64le",
                  "product_id": "curl-mini-7.60.0-4.25.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.ppc64le",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.ppc64le",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.ppc64le",
                  "product_id": "libcurl4-7.60.0-4.25.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.ppc64le",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.ppc64le",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.s390",
                "product": {
                  "name": "curl-7.60.0-4.25.1.s390",
                  "product_id": "curl-7.60.0-4.25.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.s390",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.s390",
                  "product_id": "curl-mini-7.60.0-4.25.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.s390",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.s390",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.s390",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.s390",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.s390",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.s390",
                  "product_id": "libcurl4-7.60.0-4.25.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.s390",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.s390",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "curl-7.60.0-4.25.1.s390x",
                  "product_id": "curl-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.s390x",
                  "product_id": "curl-mini-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl-devel-32bit-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl-devel-32bit-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl4-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl4-32bit-7.60.0-4.25.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.s390x",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.s390x",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "curl-7.60.0-4.25.1.x86_64",
                  "product_id": "curl-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "curl-mini-7.60.0-4.25.1.x86_64",
                  "product_id": "curl-mini-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl-devel-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl-devel-32bit-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl-devel-32bit-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl-mini-devel-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl4-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl4-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl4-32bit-7.60.0-4.25.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-4.25.1.x86_64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-4.25.1.x86_64",
                  "product_id": "libcurl4-mini-7.60.0-4.25.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 9",
                "product": {
                  "name": "SUSE OpenStack Cloud 9",
                  "product_id": "SUSE OpenStack Cloud 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud Crowbar 9",
                "product": {
                  "name": "SUSE OpenStack Cloud Crowbar 9",
                  "product_id": "SUSE OpenStack Cloud Crowbar 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "curl-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
          "product_id": "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "curl-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
          "product_id": "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-4.25.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "curl-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64"
        },
        "product_reference": "curl-7.60.0-4.25.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-4.25.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x"
        },
        "product_reference": "curl-7.60.0-4.25.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "curl-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-4.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.60.0-4.25.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-4.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-4.25.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22922",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22922"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22922",
          "url": "https://www.suse.com/security/cve/CVE-2021-22922"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188217 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1188217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T09:26:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22923"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22923",
          "url": "https://www.suse.com/security/cve/CVE-2021-22923"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188218 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1188218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T09:26:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22924",
          "url": "https://www.suse.com/security/cve/CVE-2021-22924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188219 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1188219"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T09:26:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
          "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
          "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22925",
          "url": "https://www.suse.com/security/cve/CVE-2021-22925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188220 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1188220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.s390x",
            "SUSE Linux Enterprise Server 12 SP4-LTSS:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud 9:libcurl4-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:curl-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-32bit-7.60.0-4.25.1.x86_64",
            "SUSE OpenStack Cloud Crowbar 9:libcurl4-7.60.0-4.25.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T09:26:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22925"
    }
  ]
}

SUSE-SU-2021:2439-1

Vulnerability from csaf_suse - Published: 2021-07-21 11:47 - Updated: 2021-07-21 11:47

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Patchnames: SUSE-2021-2439,SUSE-SLE-Module-Basesystem-15-SP2-2021-2439,SUSE-SLE-Module-Basesystem-15-SP3-2021-2439,SUSE-SUSE-MicroOS-5.0-2021-2439

CVE-2021-22922

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22923

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22924

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22925

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 30 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1188217	self
https://bugzilla.suse.com/1188218	self
https://bugzilla.suse.com/1188219	self
https://bugzilla.suse.com/1188220	self
https://www.suse.com/security/cve/CVE-2021-22922/	self
https://www.suse.com/security/cve/CVE-2021-22923/	self
https://www.suse.com/security/cve/CVE-2021-22924/	self
https://www.suse.com/security/cve/CVE-2021-22925/	self
https://www.suse.com/security/cve/CVE-2021-22922	external
https://bugzilla.suse.com/1188217	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22923	external
https://bugzilla.suse.com/1188218	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22924	external
https://bugzilla.suse.com/1188219	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external
https://www.suse.com/security/cve/CVE-2021-22925	external
https://bugzilla.suse.com/1188220	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\n- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)\n- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)\n- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)\n- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2439,SUSE-SLE-Module-Basesystem-15-SP2-2021-2439,SUSE-SLE-Module-Basesystem-15-SP3-2021-2439,SUSE-SUSE-MicroOS-5.0-2021-2439",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2439-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2439-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212439-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2439-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009197.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188217",
        "url": "https://bugzilla.suse.com/1188217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188218",
        "url": "https://bugzilla.suse.com/1188218"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188219",
        "url": "https://bugzilla.suse.com/1188219"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188220",
        "url": "https://bugzilla.suse.com/1188220"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22922 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22922/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22923 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22923/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22924 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22925 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22925/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2021-07-21T11:47:05Z",
      "generator": {
        "date": "2021-07-21T11:47:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2439-1",
      "initial_release_date": "2021-07-21T11:47:05Z",
      "revision_history": [
        {
          "date": "2021-07-21T11:47:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "curl-7.66.0-4.22.1.aarch64",
                  "product_id": "curl-7.66.0-4.22.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "curl-mini-7.66.0-4.22.1.aarch64",
                  "product_id": "curl-mini-7.66.0-4.22.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "libcurl-devel-7.66.0-4.22.1.aarch64",
                  "product_id": "libcurl-devel-7.66.0-4.22.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "libcurl-mini-devel-7.66.0-4.22.1.aarch64",
                  "product_id": "libcurl-mini-devel-7.66.0-4.22.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "libcurl4-7.66.0-4.22.1.aarch64",
                  "product_id": "libcurl4-7.66.0-4.22.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.66.0-4.22.1.aarch64",
                "product": {
                  "name": "libcurl4-mini-7.66.0-4.22.1.aarch64",
                  "product_id": "libcurl4-mini-7.66.0-4.22.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-64bit-7.66.0-4.22.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl-devel-64bit-7.66.0-4.22.1.aarch64_ilp32",
                  "product_id": "libcurl-devel-64bit-7.66.0-4.22.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-64bit-7.66.0-4.22.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl4-64bit-7.66.0-4.22.1.aarch64_ilp32",
                  "product_id": "libcurl4-64bit-7.66.0-4.22.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.66.0-4.22.1.i586",
                "product": {
                  "name": "curl-7.66.0-4.22.1.i586",
                  "product_id": "curl-7.66.0-4.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.66.0-4.22.1.i586",
                "product": {
                  "name": "curl-mini-7.66.0-4.22.1.i586",
                  "product_id": "curl-mini-7.66.0-4.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.66.0-4.22.1.i586",
                "product": {
                  "name": "libcurl-devel-7.66.0-4.22.1.i586",
                  "product_id": "libcurl-devel-7.66.0-4.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.66.0-4.22.1.i586",
                "product": {
                  "name": "libcurl-mini-devel-7.66.0-4.22.1.i586",
                  "product_id": "libcurl-mini-devel-7.66.0-4.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.66.0-4.22.1.i586",
                "product": {
                  "name": "libcurl4-7.66.0-4.22.1.i586",
                  "product_id": "libcurl4-7.66.0-4.22.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.66.0-4.22.1.i586",
                "product": {
                  "name": "libcurl4-mini-7.66.0-4.22.1.i586",
                  "product_id": "libcurl4-mini-7.66.0-4.22.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "curl-7.66.0-4.22.1.ppc64le",
                  "product_id": "curl-7.66.0-4.22.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "curl-mini-7.66.0-4.22.1.ppc64le",
                  "product_id": "curl-mini-7.66.0-4.22.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.66.0-4.22.1.ppc64le",
                  "product_id": "libcurl-devel-7.66.0-4.22.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "libcurl-mini-devel-7.66.0-4.22.1.ppc64le",
                  "product_id": "libcurl-mini-devel-7.66.0-4.22.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.66.0-4.22.1.ppc64le",
                  "product_id": "libcurl4-7.66.0-4.22.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.66.0-4.22.1.ppc64le",
                "product": {
                  "name": "libcurl4-mini-7.66.0-4.22.1.ppc64le",
                  "product_id": "libcurl4-mini-7.66.0-4.22.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "curl-7.66.0-4.22.1.s390x",
                  "product_id": "curl-7.66.0-4.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "curl-mini-7.66.0-4.22.1.s390x",
                  "product_id": "curl-mini-7.66.0-4.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.66.0-4.22.1.s390x",
                  "product_id": "libcurl-devel-7.66.0-4.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "libcurl-mini-devel-7.66.0-4.22.1.s390x",
                  "product_id": "libcurl-mini-devel-7.66.0-4.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "libcurl4-7.66.0-4.22.1.s390x",
                  "product_id": "libcurl4-7.66.0-4.22.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.66.0-4.22.1.s390x",
                "product": {
                  "name": "libcurl4-mini-7.66.0-4.22.1.s390x",
                  "product_id": "libcurl4-mini-7.66.0-4.22.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "curl-7.66.0-4.22.1.x86_64",
                  "product_id": "curl-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "curl-mini-7.66.0-4.22.1.x86_64",
                  "product_id": "curl-mini-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl-devel-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl-devel-32bit-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl-devel-32bit-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl-mini-devel-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl-mini-devel-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl4-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl4-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl4-32bit-7.66.0-4.22.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.66.0-4.22.1.x86_64",
                "product": {
                  "name": "libcurl4-mini-7.66.0-4.22.1.x86_64",
                  "product_id": "libcurl4-mini-7.66.0-4.22.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.0",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.0",
                  "product_id": "SUSE Linux Enterprise Micro 5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "curl-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "curl-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x"
        },
        "product_reference": "curl-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "curl-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "curl-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "curl-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x"
        },
        "product_reference": "curl-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "curl-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "curl-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "curl-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.66.0-4.22.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
          "product_id": "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64"
        },
        "product_reference": "libcurl4-7.66.0-4.22.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22922",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22922"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22922",
          "url": "https://www.suse.com/security/cve/CVE-2021-22922"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188217 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1188217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:47:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22923"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22923",
          "url": "https://www.suse.com/security/cve/CVE-2021-22923"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188218 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1188218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:47:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22924",
          "url": "https://www.suse.com/security/cve/CVE-2021-22924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188219 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1188219"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:47:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22925",
          "url": "https://www.suse.com/security/cve/CVE-2021-22925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188220 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1188220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Micro 5.0:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP2:libcurl4-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:curl-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl-devel-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-32bit-7.66.0-4.22.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP3:libcurl4-7.66.0-4.22.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:47:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22925"
    }
  ]
}

SUSE-SU-2021:2440-1

Vulnerability from csaf_suse - Published: 2021-07-21 11:48 - Updated: 2021-07-21 11:48

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Patchnames: SUSE-2021-2440,SUSE-SLE-Product-HPC-15-2021-2440,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2440,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2440,SUSE-SLE-Product-SLES-15-2021-2440,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2440,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2440,SUSE-SLE-Product-SLES_SAP-15-2021-2440,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2440,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2440,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2440,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2440,SUSE-Storage-6-2021-2440

CVE-2021-22922

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 97 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22923

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 97 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22924

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 97 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22925

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 97 products

Product	Version	Remediation
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1188217	self
https://bugzilla.suse.com/1188218	self
https://bugzilla.suse.com/1188219	self
https://bugzilla.suse.com/1188220	self
https://www.suse.com/security/cve/CVE-2021-22922/	self
https://www.suse.com/security/cve/CVE-2021-22923/	self
https://www.suse.com/security/cve/CVE-2021-22924/	self
https://www.suse.com/security/cve/CVE-2021-22925/	self
https://www.suse.com/security/cve/CVE-2021-22922	external
https://bugzilla.suse.com/1188217	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22923	external
https://bugzilla.suse.com/1188218	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22924	external
https://bugzilla.suse.com/1188219	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external
https://www.suse.com/security/cve/CVE-2021-22925	external
https://bugzilla.suse.com/1188220	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\n- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)\n- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)\n- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)\n- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2440,SUSE-SLE-Product-HPC-15-2021-2440,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2440,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2440,SUSE-SLE-Product-SLES-15-2021-2440,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2440,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2440,SUSE-SLE-Product-SLES_SAP-15-2021-2440,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2440,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2440,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2440,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2440,SUSE-Storage-6-2021-2440",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2440-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2440-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212440-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2440-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009199.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188217",
        "url": "https://bugzilla.suse.com/1188217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188218",
        "url": "https://bugzilla.suse.com/1188218"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188219",
        "url": "https://bugzilla.suse.com/1188219"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188220",
        "url": "https://bugzilla.suse.com/1188220"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22922 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22922/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22923 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22923/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22924 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22925 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22925/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2021-07-21T11:48:57Z",
      "generator": {
        "date": "2021-07-21T11:48:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2440-1",
      "initial_release_date": "2021-07-21T11:48:57Z",
      "revision_history": [
        {
          "date": "2021-07-21T11:48:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "curl-7.60.0-3.47.1.aarch64",
                  "product_id": "curl-7.60.0-3.47.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "curl-mini-7.60.0-3.47.1.aarch64",
                  "product_id": "curl-mini-7.60.0-3.47.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.47.1.aarch64",
                  "product_id": "libcurl-devel-7.60.0-3.47.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-3.47.1.aarch64",
                  "product_id": "libcurl-mini-devel-7.60.0-3.47.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "libcurl4-7.60.0-3.47.1.aarch64",
                  "product_id": "libcurl4-7.60.0-3.47.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-3.47.1.aarch64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-3.47.1.aarch64",
                  "product_id": "libcurl4-mini-7.60.0-3.47.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-64bit-7.60.0-3.47.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl-devel-64bit-7.60.0-3.47.1.aarch64_ilp32",
                  "product_id": "libcurl-devel-64bit-7.60.0-3.47.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-64bit-7.60.0-3.47.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl4-64bit-7.60.0-3.47.1.aarch64_ilp32",
                  "product_id": "libcurl4-64bit-7.60.0-3.47.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.47.1.i586",
                "product": {
                  "name": "curl-7.60.0-3.47.1.i586",
                  "product_id": "curl-7.60.0-3.47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-3.47.1.i586",
                "product": {
                  "name": "curl-mini-7.60.0-3.47.1.i586",
                  "product_id": "curl-mini-7.60.0-3.47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.47.1.i586",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.47.1.i586",
                  "product_id": "libcurl-devel-7.60.0-3.47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-3.47.1.i586",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-3.47.1.i586",
                  "product_id": "libcurl-mini-devel-7.60.0-3.47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.47.1.i586",
                "product": {
                  "name": "libcurl4-7.60.0-3.47.1.i586",
                  "product_id": "libcurl4-7.60.0-3.47.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-3.47.1.i586",
                "product": {
                  "name": "libcurl4-mini-7.60.0-3.47.1.i586",
                  "product_id": "libcurl4-mini-7.60.0-3.47.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "curl-7.60.0-3.47.1.ppc64le",
                  "product_id": "curl-7.60.0-3.47.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "curl-mini-7.60.0-3.47.1.ppc64le",
                  "product_id": "curl-mini-7.60.0-3.47.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.47.1.ppc64le",
                  "product_id": "libcurl-devel-7.60.0-3.47.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-3.47.1.ppc64le",
                  "product_id": "libcurl-mini-devel-7.60.0-3.47.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.60.0-3.47.1.ppc64le",
                  "product_id": "libcurl4-7.60.0-3.47.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-3.47.1.ppc64le",
                "product": {
                  "name": "libcurl4-mini-7.60.0-3.47.1.ppc64le",
                  "product_id": "libcurl4-mini-7.60.0-3.47.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "curl-7.60.0-3.47.1.s390x",
                  "product_id": "curl-7.60.0-3.47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "curl-mini-7.60.0-3.47.1.s390x",
                  "product_id": "curl-mini-7.60.0-3.47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.47.1.s390x",
                  "product_id": "libcurl-devel-7.60.0-3.47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-3.47.1.s390x",
                  "product_id": "libcurl-mini-devel-7.60.0-3.47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "libcurl4-7.60.0-3.47.1.s390x",
                  "product_id": "libcurl4-7.60.0-3.47.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-3.47.1.s390x",
                "product": {
                  "name": "libcurl4-mini-7.60.0-3.47.1.s390x",
                  "product_id": "libcurl4-mini-7.60.0-3.47.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "curl-7.60.0-3.47.1.x86_64",
                  "product_id": "curl-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "curl-mini-7.60.0-3.47.1.x86_64",
                  "product_id": "curl-mini-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl-devel-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl-devel-32bit-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl-devel-32bit-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl-mini-devel-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl4-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl4-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl4-32bit-7.60.0-3.47.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-3.47.1.x86_64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-3.47.1.x86_64",
                  "product_id": "libcurl4-mini-7.60.0-3.47.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP1-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP1-BCL",
                  "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_bcl:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.0",
                "product": {
                  "name": "SUSE Manager Proxy 4.0",
                  "product_id": "SUSE Manager Proxy 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.0",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.0",
                  "product_id": "SUSE Manager Retail Branch Server 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.0",
                "product": {
                  "name": "SUSE Manager Server 4.0",
                  "product_id": "SUSE Manager Server 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 6",
                "product": {
                  "name": "SUSE Enterprise Storage 6",
                  "product_id": "SUSE Enterprise Storage 6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x"
        },
        "product_reference": "curl-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x"
        },
        "product_reference": "curl-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Manager Proxy 4.0",
          "product_id": "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
          "product_id": "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x"
        },
        "product_reference": "curl-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.ppc64le as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.s390x as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Manager Server 4.0",
          "product_id": "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "curl-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-3.47.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "curl-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-3.47.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.aarch64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-3.47.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-3.47.1.x86_64 as component of SUSE Enterprise Storage 6",
          "product_id": "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-3.47.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22922",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22922"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22922",
          "url": "https://www.suse.com/security/cve/CVE-2021-22922"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188217 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1188217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:48:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22923"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22923",
          "url": "https://www.suse.com/security/cve/CVE-2021-22923"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188218 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1188218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:48:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22924",
          "url": "https://www.suse.com/security/cve/CVE-2021-22924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188219 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1188219"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:48:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
          "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22925",
          "url": "https://www.suse.com/security/cve/CVE-2021-22925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188220 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1188220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:curl-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Enterprise Storage 6:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.aarch64",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:curl-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.47.1.x86_64",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.ppc64le",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.s390x",
            "SUSE Manager Server 4.0:libcurl4-7.60.0-3.47.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-21T11:48:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22925"
    }
  ]
}

SUSE-SU-2021:2462-1

Vulnerability from csaf_suse - Published: 2021-07-23 09:23 - Updated: 2021-07-23 09:23

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Patchnames: SUSE-2021-2462,SUSE-SLE-SDK-12-SP5-2021-2462,SUSE-SLE-SERVER-12-SP5-2021-2462

CVE-2021-22922

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22923

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22924

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-22925

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1188217	self
https://bugzilla.suse.com/1188218	self
https://bugzilla.suse.com/1188219	self
https://bugzilla.suse.com/1188220	self
https://www.suse.com/security/cve/CVE-2021-22922/	self
https://www.suse.com/security/cve/CVE-2021-22923/	self
https://www.suse.com/security/cve/CVE-2021-22924/	self
https://www.suse.com/security/cve/CVE-2021-22925/	self
https://www.suse.com/security/cve/CVE-2021-22922	external
https://bugzilla.suse.com/1188217	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22923	external
https://bugzilla.suse.com/1188218	external
https://bugzilla.suse.com/1192447	external
https://www.suse.com/security/cve/CVE-2021-22924	external
https://bugzilla.suse.com/1188219	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external
https://www.suse.com/security/cve/CVE-2021-22925	external
https://bugzilla.suse.com/1188220	external
https://bugzilla.suse.com/1192447	external
https://bugzilla.suse.com/1200196	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\n- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)\n- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)\n- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)\n- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2021-2462,SUSE-SLE-SDK-12-SP5-2021-2462,SUSE-SLE-SERVER-12-SP5-2021-2462",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_2462-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2021:2462-1",
        "url": "https://www.suse.com/support/update/announcement/2021/suse-su-20212462-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2021:2462-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009210.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188217",
        "url": "https://bugzilla.suse.com/1188217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188218",
        "url": "https://bugzilla.suse.com/1188218"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188219",
        "url": "https://bugzilla.suse.com/1188219"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188220",
        "url": "https://bugzilla.suse.com/1188220"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22922 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22922/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22923 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22923/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22924 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22924/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-22925 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-22925/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2021-07-23T09:23:31Z",
      "generator": {
        "date": "2021-07-23T09:23:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2021:2462-1",
      "initial_release_date": "2021-07-23T09:23:31Z",
      "revision_history": [
        {
          "date": "2021-07-23T09:23:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "curl-7.60.0-11.23.1.aarch64",
                  "product_id": "curl-7.60.0-11.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.aarch64",
                  "product_id": "curl-mini-7.60.0-11.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.aarch64",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.aarch64",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.aarch64",
                  "product_id": "libcurl4-7.60.0-11.23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.aarch64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.aarch64",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-64bit-7.60.0-11.23.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl-devel-64bit-7.60.0-11.23.1.aarch64_ilp32",
                  "product_id": "libcurl-devel-64bit-7.60.0-11.23.1.aarch64_ilp32"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-64bit-7.60.0-11.23.1.aarch64_ilp32",
                "product": {
                  "name": "libcurl4-64bit-7.60.0-11.23.1.aarch64_ilp32",
                  "product_id": "libcurl4-64bit-7.60.0-11.23.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.i586",
                "product": {
                  "name": "curl-7.60.0-11.23.1.i586",
                  "product_id": "curl-7.60.0-11.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.i586",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.i586",
                  "product_id": "curl-mini-7.60.0-11.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.i586",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.i586",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.i586",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.i586",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.i586",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.i586",
                  "product_id": "libcurl4-7.60.0-11.23.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.i586",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.i586",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "curl-7.60.0-11.23.1.ppc64le",
                  "product_id": "curl-7.60.0-11.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.ppc64le",
                  "product_id": "curl-mini-7.60.0-11.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.ppc64le",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.ppc64le",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.ppc64le",
                  "product_id": "libcurl4-7.60.0-11.23.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.ppc64le",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.ppc64le",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.s390",
                "product": {
                  "name": "curl-7.60.0-11.23.1.s390",
                  "product_id": "curl-7.60.0-11.23.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.s390",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.s390",
                  "product_id": "curl-mini-7.60.0-11.23.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.s390",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.s390",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.s390",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.s390",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.s390",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.s390",
                  "product_id": "libcurl4-7.60.0-11.23.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.s390",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.s390",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "curl-7.60.0-11.23.1.s390x",
                  "product_id": "curl-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.s390x",
                  "product_id": "curl-mini-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl-devel-32bit-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl-devel-32bit-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl4-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl4-32bit-7.60.0-11.23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.s390x",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.s390x",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "curl-7.60.0-11.23.1.x86_64",
                  "product_id": "curl-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-mini-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "curl-mini-7.60.0-11.23.1.x86_64",
                  "product_id": "curl-mini-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl-devel-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl-devel-32bit-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl-devel-32bit-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-mini-devel-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl-mini-devel-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl-mini-devel-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl4-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl4-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl4-32bit-7.60.0-11.23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-mini-7.60.0-11.23.1.x86_64",
                "product": {
                  "name": "libcurl4-mini-7.60.0-11.23.1.x86_64",
                  "product_id": "libcurl4-mini-7.60.0-11.23.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-11.23.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.60.0-11.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-11.23.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.60.0-11.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x"
        },
        "product_reference": "libcurl-devel-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64"
        },
        "product_reference": "curl-7.60.0-11.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-11.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x"
        },
        "product_reference": "curl-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "curl-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64"
        },
        "product_reference": "curl-7.60.0-11.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le"
        },
        "product_reference": "curl-7.60.0-11.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x"
        },
        "product_reference": "curl-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "curl-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "libcurl4-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-11.23.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.60.0-11.23.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.60.0-11.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.60.0-11.23.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22922",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22922"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22922",
          "url": "https://www.suse.com/security/cve/CVE-2021-22922"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188217 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1188217"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22922",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-23T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22923"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user\u0027s expectations and intentions and without telling the user it happened.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22923",
          "url": "https://www.suse.com/security/cve/CVE-2021-22923"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188218 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1188218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22923",
          "url": "https://bugzilla.suse.com/1192447"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-23T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22924"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22924",
          "url": "https://www.suse.com/security/cve/CVE-2021-22924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188219 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1188219"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22924",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-23T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-22925"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-22925",
          "url": "https://www.suse.com/security/cve/CVE-2021-22925"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188220 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1188220"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192447 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1192447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200196 for CVE-2021-22925",
          "url": "https://bugzilla.suse.com/1200196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:curl-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-32bit-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libcurl4-7.60.0-11.23.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libcurl-devel-7.60.0-11.23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-23T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-22925"
    }
  ]
}

VAR-202108-2222

Vulnerability from variot - Updated: 2026-04-10 22:46

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:

An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)
curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Bugs fixed (https://bugzilla.redhat.com/):

1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake

Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 21.04
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)

Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14

In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):

2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

8) - aarch64, ppc64le, s390x, x86_64
Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Summary:

Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.

Container updates:

RHACM 2.1.11 images (BZ# 1999375)
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):

1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images

Description:

Quay 3.6.0 release

Security Fix(es):

nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)
python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)
nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)
nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)
nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)
nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)
nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)
nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)
urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)
python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)
python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)
python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)
python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)
nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)
python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)
python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)
python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)
python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)
lodash: Prototype pollution in utilities function (CVE-2018-3721)
hoek: Prototype pollution in utilities function (CVE-2018-3728)
lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)
nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function

JIRA issues fixed (https://issues.jboss.org/):

PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install

Bugs fixed (https://bugzilla.redhat.com/):

1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set 1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC 1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC 1903687 - [scale] 1K DV creation failed 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end 1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments 1942726 - test automatic bug creation for a new release 1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 1945589 - Live migration with virtiofs is possible 1953481 - New OCP priority classes are not used - Deploy 1953483 - New OCP priority classes are not used - SSP 1953484 - New OCP priority classes are not used - Storage 1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner 1957852 - Could not start VM as restore snapshot was still not Complete 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled 1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 1973852 - Introduce VM crashloop backoff 1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade) 1976730 - Disk is not usable due to incorrect size for proper alignment 1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating 1979659 - 4.9.0 containers 1981345 - 4.9.0 rpms 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1985083 - VMI Pod fails to terminate due to a zombie qemu process 1985649 - virt-handler Pod is missing xorrisofs command 1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system 1985719 - Unprivileged client fails to get guest agent data 1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin 1989263 - VM Snapshot may freeze guest indefinitely 1989269 - Online VM Snapshot storing incorrect VM spec 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1991691 - Enable DownwardMetrics FeatureGate via HCO CR 1992608 - kubevirt doesn't respect useEmulation: true 1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/ 1994389 - Some of the cdi resources missing app labels 1995295 - SCC annotation of ssp-operator was changed to privileged 1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start 1997014 - Common templates - dataVolumeTemplates API version should be updated 1998054 - RHEL9 template - update template description. 1998656 - no "name" label in ssp-operator pod 1999571 - NFS clone not progressing when clone sizes mismatch (target > source) 1999617 - Unable to create a VM with nonroot VirtLauncher Pods 1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL 2000052 - NNCP creation failures after nmstate-handler pod deletion 2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots 2001041 - [4.9.0] Importer attempts to shrink an image in certain situations 2001047 - Automatic size detection may not request a PVC that is large enough for an import 2003473 - Failed to Migrate Windows VM with CDROM (readonly) 2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted 2006418 - Clone Strategy does not work as described 2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window 2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2011179 - Cluster-wide live migration limits and timeouts are not suitable 2017394 - After upgrade, live migration is Pending 2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.26"
      },
      {
        "_id": null,
        "model": "scalance m876-3",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "_id": null,
        "model": "sinec infrastructure network services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0.1.1"
      },
      {
        "_id": null,
        "model": "sinema remote connect server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "simatic rtu3031c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.14"
      },
      {
        "_id": null,
        "model": "simatic rtu 3041c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.14"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.36"
      },
      {
        "_id": null,
        "model": "scalance m804pb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "scalance m874-3",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.58"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.59"
      },
      {
        "_id": null,
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "scalance m876-4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "simatic rtu3010c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.14"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "ruggedcomrm 1224 lte",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "simatic cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.22"
      },
      {
        "_id": null,
        "model": "scalance m874-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "cloud backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "simatic rtu3030c",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.14"
      },
      {
        "_id": null,
        "model": "solidfire \\\u0026 hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "scalance m812-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.57"
      },
      {
        "_id": null,
        "model": "scalance s615",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "_id": null,
        "model": "logo\\! cmr2020",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "_id": null,
        "model": "logo\\! cmr2040",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "_id": null,
        "model": "simatic cp 1545-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "_id": null,
        "model": "scalance m826-2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.7.0"
      },
      {
        "_id": null,
        "model": "mysql server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "_id": null,
        "model": "scalance m816-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.10.4"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "_id": null,
        "model": "solidfire baseboard management controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "libcurl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.77.0"
      },
      {
        "_id": null,
        "model": "siplus net cp 1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.22"
      },
      {
        "_id": null,
        "model": "scalance mum856-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "sinema remote connect",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "solidfire \u0026 hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "_id": null,
        "model": "mysql",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "peoplesoft enterprise peopletools",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e9\u30af\u30eb",
        "version": null
      },
      {
        "_id": null,
        "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "_id": null,
        "model": "ontap",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "_id": null,
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "_id": null,
        "model": "curl",
        "scope": null,
        "trust": 0.8,
        "vendor": "haxx",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164523"
      },
      {
        "db": "PACKETSTORM",
        "id": "166714"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164221"
      },
      {
        "db": "PACKETSTORM",
        "id": "164282"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "PACKETSTORM",
        "id": "164755"
      },
      {
        "db": "PACKETSTORM",
        "id": "164948"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-22924",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-22924",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-381398",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "id": "CVE-2021-22924",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-22924",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-22924",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2021-22924",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-22924",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381398",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-dotnet31-curl security update\nAdvisory ID:       RHSA-2022:1354-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1354\nIssue date:        2022-04-13\nCVE Names:         CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n                   CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL\n7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea\nC0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu\ntPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD\n9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU\nLvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe\ntof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy\nRh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA\nrlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T\ndA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz\nFoj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4\n04zDwrF/odg=o6o+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  curl                            7.74.0-1ubuntu2.1\n  libcurl3-gnutls                 7.74.0-1ubuntu2.1\n  libcurl3-nss                    7.74.0-1ubuntu2.1\n  libcurl4                        7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.6\n  libcurl3-gnutls                 7.68.0-1ubuntu2.6\n  libcurl3-nss                    7.68.0-1ubuntu2.6\n  libcurl4                        7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.14\n  libcurl3-gnutls                 7.58.0-2ubuntu3.14\n  libcurl3-nss                    7.58.0-2ubuntu3.14\n  libcurl4                        7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. Description:\n\nQuay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error\nchecking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email\nformat (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object\nproperties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory\nexposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates\nallowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted\ntemplates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block\n(CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based\nbuffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in\nTiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n(CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS\nattack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker\nto pass controlled parameters directly into a convert function\n(CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in\nlib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial\nof service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer\nover-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service\n1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service\n1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function\n1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function\n1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format\n1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js\n1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties\n1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block\n1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL\n1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read\n1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow\n1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure\n1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise\n1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise\n1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c\n1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c\n1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack\n1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c\n1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container\n1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container\n1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container\n1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 -  As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1858777 - Alert for VM with \u0027evictionStrategy: LiveMigrate\u0027 for local PVs set\n1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC\n1896469 - In cluster with OVN Kubernetes networking - a node doesn\u0027t recover when configuring linux-bridge over its default NIC\n1903687 - [scale] 1K DV creation failed\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1933043 - Delete VM just after it turns into \"running\" is very likely to hit grace period end\n1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments\n1942726 - test automatic bug creation for a new release\n1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n1945589 - Live migration with virtiofs is possible\n1953481 - New OCP priority classes are not used - Deploy\n1953483 - New OCP priority classes are not used - SSP\n1953484 - New OCP priority classes are not used - Storage\n1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner\n1957852 - Could not start VM as restore snapshot was still not Complete\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled\n1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n1973852 - Introduce VM crashloop backoff\n1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)\n1976730 - Disk is not usable due to incorrect size for proper alignment\n1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating\n1979659 - 4.9.0 containers\n1981345 - 4.9.0 rpms\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1985083 - VMI Pod fails to terminate due to a zombie qemu process\n1985649 - virt-handler Pod is missing xorrisofs command\n1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system\n1985719 - Unprivileged client fails to get guest agent data\n1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin\n1989263 - VM Snapshot may freeze guest indefinitely\n1989269 - Online VM Snapshot storing incorrect VM spec\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1991691 - Enable DownwardMetrics FeatureGate via HCO CR\n1992608 - kubevirt doesn\u0027t respect useEmulation: true\n1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/\n1994389 - Some of the cdi resources missing app labels\n1995295 - SCC annotation of ssp-operator was changed to privileged\n1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start\n1997014 - Common templates - dataVolumeTemplates API version should be updated\n1998054 - RHEL9 template - update template description. \n1998656 - no \"name\" label in ssp-operator pod\n1999571 - NFS clone not progressing when clone sizes mismatch (target \u003e source)\n1999617 - Unable to create a VM with nonroot VirtLauncher Pods\n1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL\n2000052 - NNCP creation failures after nmstate-handler pod deletion\n2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots\n2001041 - [4.9.0] Importer attempts to shrink an image in certain situations\n2001047 - Automatic size detection may not request a PVC that is large enough for an import\n2003473 - Failed to Migrate Windows VM with CDROM  (readonly)\n2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2006418 - Clone Strategy does not work as described\n2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window\n2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2011179 - Cluster-wide live migration limits and timeouts are not suitable\n2017394 - After upgrade, live migration is Pending\n2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22924"
      },
      {
        "db": "PACKETSTORM",
        "id": "164523"
      },
      {
        "db": "PACKETSTORM",
        "id": "166714"
      },
      {
        "db": "PACKETSTORM",
        "id": "163637"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164221"
      },
      {
        "db": "PACKETSTORM",
        "id": "164282"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "PACKETSTORM",
        "id": "164755"
      },
      {
        "db": "PACKETSTORM",
        "id": "164948"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-22924",
        "trust": 3.7
      },
      {
        "db": "HACKERONE",
        "id": "1223565",
        "trust": 1.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-732250",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-484086",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-389290",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91709091",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99030761",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164948",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164755",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "164583",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "165008",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-381398",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22924",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164523",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166714",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163637",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164221",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164282",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "164555",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22924"
      },
      {
        "db": "PACKETSTORM",
        "id": "164523"
      },
      {
        "db": "PACKETSTORM",
        "id": "166714"
      },
      {
        "db": "PACKETSTORM",
        "id": "163637"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164221"
      },
      {
        "db": "PACKETSTORM",
        "id": "164282"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "PACKETSTORM",
        "id": "164755"
      },
      {
        "db": "PACKETSTORM",
        "id": "164948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      }
    ]
  },
  "id": "VAR-202108-2222",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      }
    ],
    "trust": 0.7410993499999999
  },
  "last_update_date": "2026-04-10T22:46:32.438000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "hitachi-sec-2023-204",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22924 log"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-22924"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-706",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Use of incorrectly resolved names and references (CWE-706) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.9,
        "url": "https://hackerone.com/reports/1223565"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2021-22924"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91709091/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-22922"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2021-22923"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-36222"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-37750"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-3653"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32626"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32687"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32675"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-41099"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23017"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32627"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32672"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-32628"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22947"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-22946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3656"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25648"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/oss-sec/2021/q3/26"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2021-22924"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/asa-202107-61"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1354"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22876"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5021-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3949"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-37576"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3582"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27777"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3653"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-29650"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-22555"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-21270"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25292"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20920"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34552"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35653"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25291"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27921"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27515"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-1010266"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35654"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27923"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25290"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3917"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-16138"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-3728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15366"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-27516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-16137"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4104"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33195"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33198"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:4618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36385"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32804"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3711"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3749"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33928"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381398"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22924"
      },
      {
        "db": "PACKETSTORM",
        "id": "164523"
      },
      {
        "db": "PACKETSTORM",
        "id": "166714"
      },
      {
        "db": "PACKETSTORM",
        "id": "163637"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164221"
      },
      {
        "db": "PACKETSTORM",
        "id": "164282"
      },
      {
        "db": "PACKETSTORM",
        "id": "164555"
      },
      {
        "db": "PACKETSTORM",
        "id": "164755"
      },
      {
        "db": "PACKETSTORM",
        "id": "164948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381398",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-22924",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164523",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "166714",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "163637",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164583",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164221",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164282",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164555",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164755",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "164948",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2021-22924",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381398",
        "ident": null
      },
      {
        "date": "2021-10-15T15:06:44",
        "db": "PACKETSTORM",
        "id": "164523",
        "ident": null
      },
      {
        "date": "2022-04-13T22:20:44",
        "db": "PACKETSTORM",
        "id": "166714",
        "ident": null
      },
      {
        "date": "2021-07-22T23:15:11",
        "db": "PACKETSTORM",
        "id": "163637",
        "ident": null
      },
      {
        "date": "2021-10-21T15:31:47",
        "db": "PACKETSTORM",
        "id": "164583",
        "ident": null
      },
      {
        "date": "2021-09-21T15:40:44",
        "db": "PACKETSTORM",
        "id": "164221",
        "ident": null
      },
      {
        "date": "2021-09-24T15:49:04",
        "db": "PACKETSTORM",
        "id": "164282",
        "ident": null
      },
      {
        "date": "2021-10-19T15:32:20",
        "db": "PACKETSTORM",
        "id": "164555",
        "ident": null
      },
      {
        "date": "2021-11-03T17:47:45",
        "db": "PACKETSTORM",
        "id": "164755",
        "ident": null
      },
      {
        "date": "2021-11-12T17:01:04",
        "db": "PACKETSTORM",
        "id": "164948",
        "ident": null
      },
      {
        "date": "2022-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009762",
        "ident": null
      },
      {
        "date": "2021-08-05T21:15:11.380000",
        "db": "NVD",
        "id": "CVE-2021-22924",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2022-10-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381398",
        "ident": null
      },
      {
        "date": "2025-09-19T08:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009762",
        "ident": null
      },
      {
        "date": "2025-06-09T15:15:24.403000",
        "db": "NVD",
        "id": "CVE-2021-22924",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163637"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "_id": null,
    "data": "cURL\u00a0 Incorrectly resolved name and reference usage vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009762"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164523"
      },
      {
        "db": "PACKETSTORM",
        "id": "164583"
      },
      {
        "db": "PACKETSTORM",
        "id": "164948"
      }
    ],
    "trust": 0.3
  }
}

WID-SEC-W-2022-0874

Vulnerability from csaf_certbund - Published: 2021-07-20 22:00 - Updated: 2023-07-04 22:00

Summary

cURL: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Dateien zu manipulieren oder Informationen offenzulegen.

Betroffene Betriebssysteme: - UNIX - Linux - MacOS X - Windows - NetApp Appliance

CVE-2021-22922

Es existiert eine Schwachstelle in cURL im Metalink Feature. Die Prüfung des Inhaltes findet via Hash-Vergleich statt. Wenn sich eine Datei geändert hat, z.B. durch einen Angreifer und daher ein anderer Hash existiert, wird die Datei trotzdem heruntergeladen und der Nutzer nur benachrichtigt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 10 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NetApp Data ONTAP NetApp	`cpe:/a:netapp:data_ontap:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2021-22923

Es existiert eine Schwachstelle in cURL. Beim Download einer Metalink XML-Datei mit einem Benutzernamen und Passwort werden die Anmeldedaten unverschlüsselt mitgesendet. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2021-22924

Es existiert eine Schwachstelle in cURL. Die Möglichkeit Verbindungen zu speichern, ist nicht Case-Sensitiv, gleichzeitig wird auch das Feld "issuer cert" nicht überprüft. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er einen bestehenden Pfad anpasst um den Download einer Datei zu manipulieren.

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2021-22925

Es existiert eine Schwachstelle in cURL in der -t Option. Diese Option dient dazu Dateien zu einem Telnet-Server zu senden. Dabei können nicht-initialisierte Daten vom Stack gesendet werden, da keine Kontrolle vor dem Versand stattfindet. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien offenzulegen.

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Arch Linux Open Source	`cpe:/o:archlinux:archlinux:-`	—
Dell NetWorker < 19.9.0.1 Dell	`cpe:/a:dell:networker:19.9.0.1`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

45 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/de-de/00021549…	external
https://ubuntu.com/security/notices/USN-5894-1	external
https://access.redhat.com/errata/RHSA-2021:3903	external
http://seclists.org/oss-sec/2021/q3/27	external
http://seclists.org/oss-sec/2021/q3/24	external
http://seclists.org/oss-sec/2021/q3/25	external
http://seclists.org/oss-sec/2021/q3/26	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.archlinux.org/ASA-202107-60	external
https://security.archlinux.org/ASA-202107-59	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.archlinux.org/ASA-202107-62	external
https://security.archlinux.org/ASA-202107-61	external
https://security.archlinux.org/ASA-202107-63	external
https://security.archlinux.org/ASA-202107-64	external
https://ubuntu.com/security/notices/USN-5021-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2021:4511	external
https://lists.debian.org/debian-lts-announce/2021…	external
https://security.netapp.com/advisory/ntap-2021090…	external
https://alas.aws.amazon.com/ALAS-2021-1525.html	external
https://alas.aws.amazon.com/AL2/ALAS-2021-1700.html	external
https://access.redhat.com/errata/RHSA-2021:3582	external
http://linux.oracle.com/errata/ELSA-2021-3582.html	external
https://access.redhat.com/errata/RHSA-2021:3653	external
https://access.redhat.com/errata/RHSA-2021:3694	external
https://access.redhat.com/errata/RHSA-2021:3851	external
https://access.redhat.com/errata/RHSA-2021:3873	external
https://access.redhat.com/errata/RHSA-2021:4104	external
https://access.redhat.com/errata/RHSA-2021:4582	external
https://access.redhat.com/errata/RHSA-2021:4618	external
https://linux.oracle.com/errata/ELSA-2021-4511.html	external
https://access.redhat.com/errata/RHSA-2021:4848	external
https://access.redhat.com/errata/RHSA-2021:4845	external
https://ubuntu.com/security/notices/USN-5021-2	external
https://access.redhat.com/errata/RHSA-2022:0318	external
https://access.redhat.com/errata/RHSA-2022:0434	external
https://access.redhat.com/errata/RHSA-2022:1354	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2022…	external
https://security.gentoo.org/glsa/202212-01	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Dateien zu manipulieren oder Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- NetApp Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0874 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0874.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0874 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0874"
      },
      {
        "category": "external",
        "summary": "Security update for Dell NetWorker",
        "url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5894-1 vom 2023-02-27",
        "url": "https://ubuntu.com/security/notices/USN-5894-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3903 vom 2021-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:3903"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2021-07-20",
        "url": "http://seclists.org/oss-sec/2021/q3/27"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2021-07-20",
        "url": "http://seclists.org/oss-sec/2021/q3/24"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2021-07-20",
        "url": "http://seclists.org/oss-sec/2021/q3/25"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing-list vom 2021-07-20",
        "url": "http://seclists.org/oss-sec/2021/q3/26"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:14768-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009195.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-60 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-60"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-59 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-59"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2439-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009197.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2440-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009199.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2425-1 vom 2021-07-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009187.html"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-62 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-62"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-61 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-61"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-63 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-63"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202107-64 vom 2021-07-22",
        "url": "https://security.archlinux.org/ASA-202107-64"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5021-1 vom 2021-07-22",
        "url": "https://ubuntu.com/security/notices/USN-5021-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:2462-1 vom 2021-07-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-July/009210.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4511 vom 2021-11-09",
        "url": "https://access.redhat.com/errata/RHSA-2021:4511"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2734 vom 2021-08-13",
        "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20210902-0003 vom 2021-09-02",
        "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1525 vom 2021-09-08",
        "url": "https://alas.aws.amazon.com/ALAS-2021-1525.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1700 vom 2021-09-15",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1700.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3582 vom 2021-09-21",
        "url": "https://access.redhat.com/errata/RHSA-2021:3582"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-3582 vom 2021-09-22",
        "url": "http://linux.oracle.com/errata/ELSA-2021-3582.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3653 vom 2021-09-23",
        "url": "https://access.redhat.com/errata/RHSA-2021:3653"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3694 vom 2021-09-29",
        "url": "https://access.redhat.com/errata/RHSA-2021:3694"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3851 vom 2021-10-14",
        "url": "https://access.redhat.com/errata/RHSA-2021:3851"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3873 vom 2021-10-15",
        "url": "https://access.redhat.com/errata/RHSA-2021:3873"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4104 vom 2021-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2021:4104"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4582 vom 2021-11-10",
        "url": "https://access.redhat.com/errata/RHSA-2021:4582"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4618 vom 2021-11-11",
        "url": "https://access.redhat.com/errata/RHSA-2021:4618"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-4511 vom 2021-11-16",
        "url": "https://linux.oracle.com/errata/ELSA-2021-4511.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4848 vom 2021-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2021:4848"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4845 vom 2021-11-29",
        "url": "https://access.redhat.com/errata/RHSA-2021:4845"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5021-2 vom 2022-01-20",
        "url": "https://ubuntu.com/security/notices/USN-5021-2"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0318 vom 2022-01-27",
        "url": "https://access.redhat.com/errata/RHSA-2022:0318"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0434 vom 2022-02-04",
        "url": "https://access.redhat.com/errata/RHSA-2022:0434"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1354 vom 2022-04-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:1354"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5197 vom 2022-08-01",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00166.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3085 vom 2022-08-29",
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202212-01 vom 2022-12-19",
        "url": "https://security.gentoo.org/glsa/202212-01"
      }
    ],
    "source_lang": "en-US",
    "title": "cURL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-07-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:32:37.392+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0874",
      "initial_release_date": "2021-07-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-07-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE, Arch Linux und Fedora aufgenommen"
        },
        {
          "date": "2021-07-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-07-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2021-08-12T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-09-01T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von NetApp aufgenommen"
        },
        {
          "date": "2021-09-08T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-09-15T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2021-09-20T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-09-21T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-09-23T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-09-29T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-10-13T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-10-14T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-10-18T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-02T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-09T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-10T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-11T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-16T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2021-11-29T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-01-19T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-01-27T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-04-13T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-01T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-08-28T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2022-12-18T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2023-02-27T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-07-04T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "30"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell NetWorker \u003c 19.9.0.1",
            "product": {
              "name": "Dell NetWorker \u003c 19.9.0.1",
              "product_id": "T028404",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:19.9.0.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp Data ONTAP",
            "product": {
              "name": "NetApp Data ONTAP",
              "product_id": "7654",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:data_ontap:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source cURL \u003c 7.78.0",
            "product": {
              "name": "Open Source cURL \u003c 7.78.0",
              "product_id": "T000502",
              "product_identification_helper": {
                "cpe": "cpe:/a:curl:curl:7.29.0"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22922",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in cURL im Metalink Feature. Die Pr\u00fcfung des Inhaltes findet via Hash-Vergleich statt. Wenn sich eine Datei ge\u00e4ndert hat, z.B. durch einen Angreifer und daher ein anderer Hash existiert, wird die Datei trotzdem heruntergeladen und der Nutzer nur benachrichtigt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "7654",
          "T013312",
          "T028404",
          "398363",
          "T012167",
          "T004914"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in cURL. Beim Download einer Metalink XML-Datei mit einem Benutzernamen und Passwort werden die Anmeldedaten unverschl\u00fcsselt mitgesendet. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T013312",
          "T028404",
          "398363",
          "T012167",
          "T004914"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in cURL. Die M\u00f6glichkeit Verbindungen zu speichern, ist nicht Case-Sensitiv, gleichzeitig wird auch das Feld \"issuer cert\" nicht \u00fcberpr\u00fcft. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er einen bestehenden Pfad anpasst um den Download einer Datei zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T013312",
          "T028404",
          "398363",
          "T012167",
          "T004914"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in cURL in der -t Option. Diese Option dient dazu Dateien zu einem Telnet-Server zu senden. Dabei k\u00f6nnen nicht-initialisierte Daten vom Stack gesendet werden, da keine Kontrolle vor dem Versand stattfindet. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Dateien offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T013312",
          "T028404",
          "398363",
          "T012167",
          "T004914"
        ]
      },
      "release_date": "2021-07-20T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    }
  ]
}

WID-SEC-W-2023-1350

Vulnerability from csaf_certbund - Published: 2023-06-01 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern

Severity

Mittel

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2017-16042

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-25032

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10744

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10746

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20149

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-13822

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-15138

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7662

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7753

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8116

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8203

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20095

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23368

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27292

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33502

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33503

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33587

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25858

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37434

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37616

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40303

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4200

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43680

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0215

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-1370

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com/advisories/SVD-2023-0613	external
https://www.ibm.com/support/pages/node/7008449	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1350 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1350 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350"
      },
      {
        "category": "external",
        "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01",
        "url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:52.592+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-1350",
      "initial_release_date": "2023-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.1.14",
                  "product_id": "T027935"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.1.14",
                  "product_id": "T027935-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.1.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.11",
                  "product_id": "T027936"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.11",
                  "product_id": "T027936-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.5",
                  "product_id": "T027937"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.5",
                  "product_id": "T027937-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16042",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2017-16042"
    },
    {
      "cve": "CVE-2018-25032",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2018-25032"
    },
    {
      "cve": "CVE-2019-10744",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10744"
    },
    {
      "cve": "CVE-2019-10746",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10746"
    },
    {
      "cve": "CVE-2019-20149",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-20149"
    },
    {
      "cve": "CVE-2020-13822",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-13822"
    },
    {
      "cve": "CVE-2020-15138",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-15138"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-7662",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7662"
    },
    {
      "cve": "CVE-2020-7753",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7753"
    },
    {
      "cve": "CVE-2020-7774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7774"
    },
    {
      "cve": "CVE-2020-8116",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8116"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8203",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2021-20095",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-20095"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23368",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27292",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-27292"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33502",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-33503",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33587",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33587"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25858",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37434",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37616",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37616"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40303",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-4200",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4200"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-4304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43680",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-0215",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-1370",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    }
  ]
}

WID-SEC-W-2023-2229

Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2013-7489

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-10237

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-20225

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20454

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20838

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-14155

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28851

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-29652

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8908

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20066

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22569

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27918

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27919

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29425

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31525

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33194

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33195

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33196

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33197

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33198

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-34558

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3572

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38297

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38561

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-39293

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41182

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41183

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41184

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41771

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44717

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1941

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2309

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25881

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3171

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32149

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3509

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3510

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40899

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41722

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42003

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24539

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24540

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29400

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29402

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29403

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29404

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29405

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40592

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40593

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40594

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40595

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40596

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40597

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40598

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2023-0801	external
https://advisory.splunk.com//advisories/SVD-2023-0802	external
https://advisory.splunk.com//advisories/SVD-2023-0803	external
https://advisory.splunk.com//advisories/SVD-2023-0804	external
https://advisory.splunk.com//advisories/SVD-2023-0805	external
https://advisory.splunk.com//advisories/SVD-2023-0806	external
https://advisory.splunk.com//advisories/SVD-2023-0807	external
https://advisory.splunk.com//advisories/SVD-2023-0808	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://linux.oracle.com/errata/ELSA-2024-2988.html	external
https://advisory.splunk.com/advisories/SVD-2024-0718	external
https://advisory.splunk.com//advisories/SVD-2024-0801	external
https://lists.opensuse.org/archives/list/security…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2229 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2229 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:41.445+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-2229",
      "initial_release_date": "2023-08-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-10-12T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise",
                "product": {
                  "name": "Splunk Splunk Enterprise",
                  "product_id": "T008911",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.1",
                  "product_id": "T029634"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.1",
                  "product_id": "T029634-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.6",
                  "product_id": "T029635"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.6",
                  "product_id": "T029635-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.12",
                  "product_id": "T029636"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.12",
                  "product_id": "T029636-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.1",
                  "product_id": "T033705-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.4",
                  "product_id": "T033718-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.9",
                  "product_id": "T033720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-7489",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2013-7489"
    },
    {
      "cve": "CVE-2018-10237",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-20225",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-20225"
    },
    {
      "cve": "CVE-2019-20454",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20454"
    },
    {
      "cve": "CVE-2019-20838",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20838"
    },
    {
      "cve": "CVE-2020-14155",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-14155"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-28851",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28851"
    },
    {
      "cve": "CVE-2020-29652",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-29652"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2020-8908",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2021-20066",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-20066"
    },
    {
      "cve": "CVE-2021-22569",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27918",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27918"
    },
    {
      "cve": "CVE-2021-27919",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27919"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-29425",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-29923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29923"
    },
    {
      "cve": "CVE-2021-31525",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31525"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33194",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33194"
    },
    {
      "cve": "CVE-2021-33195",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33195"
    },
    {
      "cve": "CVE-2021-33196",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33196"
    },
    {
      "cve": "CVE-2021-33197",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33197"
    },
    {
      "cve": "CVE-2021-33198",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33198"
    },
    {
      "cve": "CVE-2021-34558",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-34558"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-3572",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3572"
    },
    {
      "cve": "CVE-2021-36221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36221"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-38297",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38297"
    },
    {
      "cve": "CVE-2021-38561",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38561"
    },
    {
      "cve": "CVE-2021-39293",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-39293"
    },
    {
      "cve": "CVE-2021-41182",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41182"
    },
    {
      "cve": "CVE-2021-41183",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41183"
    },
    {
      "cve": "CVE-2021-41184",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-41771",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-41772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41772"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2021-44716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44717"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1941",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1941"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-2309",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2309"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25881",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27536"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-3171",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32149",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32149"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3509",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40897"
    },
    {
      "cve": "CVE-2022-40899",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40899"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-41722",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41722"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-24539",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24539"
    },
    {
      "cve": "CVE-2023-24540",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24540"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-29400",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29400"
    },
    {
      "cve": "CVE-2023-29402",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29402"
    },
    {
      "cve": "CVE-2023-29403",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29403"
    },
    {
      "cve": "CVE-2023-29404",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29404"
    },
    {
      "cve": "CVE-2023-29405",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29405"
    },
    {
      "cve": "CVE-2023-40592",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40592"
    },
    {
      "cve": "CVE-2023-40593",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40593"
    },
    {
      "cve": "CVE-2023-40594",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40594"
    },
    {
      "cve": "CVE-2023-40595",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40595"
    },
    {
      "cve": "CVE-2023-40596",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40596"
    },
    {
      "cve": "CVE-2023-40597",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40597"
    },
    {
      "cve": "CVE-2023-40598",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40598"
    }
  ]
}

WID-SEC-W-2024-0556

Vulnerability from csaf_certbund - Published: 2024-03-05 23:00 - Updated: 2024-12-08 23:00

Summary

Sophos Unified Threat Management (UTM) Software: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Sophos UTM ist eine Netzwerk-Appliance mit diversen Sicherheitsfunktionen (z.B. Firewall, Antivirus, Contentfilter).

Angriff: Ein anonymer Angreifer kann mehrere Schwachstellen in der Sophos Unified Threat Management (UTM)-Software ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2021-22924

Es bestehen mehrere Schwachstellen in der Sophos Unified Threat Management (UTM) Software. Diese Fehler bestehen unter anderem in den Komponenten "curl", "OpenVPN" und "Tinyproxy". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Sophos Unified Threat Management (UTM) Software <9.719 Sophos / Unified Threat Management (UTM) Software		<9.719

CVE-2022-40468

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Sophos Unified Threat Management (UTM) Software <9.719 Sophos / Unified Threat Management (UTM) Software		<9.719

CVE-2023-28321

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Sophos Unified Threat Management (UTM) Software <9.719 Sophos / Unified Threat Management (UTM) Software		<9.719

CVE-2023-28322

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Sophos Unified Threat Management (UTM) Software <9.719 Sophos / Unified Threat Management (UTM) Software		<9.719

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://community.sophos.com/utm-firewall/b/blog/…	external
https://ubuntu.com/security/notices/USN-7140-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Sophos UTM ist eine Netzwerk-Appliance mit diversen Sicherheitsfunktionen (z.B. Firewall, Antivirus, Contentfilter).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein anonymer Angreifer kann mehrere Schwachstellen in der Sophos Unified Threat Management (UTM)-Software ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0556 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0556.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0556 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0556"
      },
      {
        "category": "external",
        "summary": "Sophos Release Notes vom 2024-03-05",
        "url": "https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-7-mr18-9-718-released-1810208219"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7140-1 vom 2024-12-09",
        "url": "https://ubuntu.com/security/notices/USN-7140-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Sophos Unified Threat Management (UTM) Software: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-08T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-09T09:21:12.729+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-0556",
      "initial_release_date": "2024-03-05T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-03-05T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.719",
                "product": {
                  "name": "Sophos Unified Threat Management (UTM) Software \u003c9.719",
                  "product_id": "T033251"
                }
              },
              {
                "category": "product_version",
                "name": "9.719",
                "product": {
                  "name": "Sophos Unified Threat Management (UTM) Software 9.719",
                  "product_id": "T033251-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:sophos:unified_threat_management_software:9.719"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Threat Management (UTM) Software"
          }
        ],
        "category": "vendor",
        "name": "Sophos"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-22924",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Sophos Unified Threat Management (UTM) Software. Diese Fehler bestehen unter anderem in den Komponenten \"curl\", \"OpenVPN\" und \"Tinyproxy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T033251"
        ]
      },
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2022-40468",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Sophos Unified Threat Management (UTM) Software. Diese Fehler bestehen unter anderem in den Komponenten \"curl\", \"OpenVPN\" und \"Tinyproxy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T033251"
        ]
      },
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2022-40468"
    },
    {
      "cve": "CVE-2023-28321",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Sophos Unified Threat Management (UTM) Software. Diese Fehler bestehen unter anderem in den Komponenten \"curl\", \"OpenVPN\" und \"Tinyproxy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T033251"
        ]
      },
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28322",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in der Sophos Unified Threat Management (UTM) Software. Diese Fehler bestehen unter anderem in den Komponenten \"curl\", \"OpenVPN\" und \"Tinyproxy\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, einen Denial of Service zu verursachen Dateien zu manipulieren oder weitere, unbekannte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T033251"
        ]
      },
      "release_date": "2024-03-05T23:00:00.000+00:00",
      "title": "CVE-2023-28322"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22924 (GCVE-0-2021-22924)

curl vulnerabilities

Tags

Sightings

Nomenclature