TrustKeeper Scan Engine Update for October 11, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server httpd core NULL Pointer Dereference Vulnerability (CVE-2021-34798)
• Apache HTTP Server mod_proxy Server-Side Request Forgery Vulnerability (CVE-2021-40438)
• Apache HTTP Server mod_proxy_uwsgi Out Of Bound Read Vulnerability (CVE-2021-36160)
• Apache Tomcat NIO OpenSSL Denial of Service Vulnerability (CVE-2021-41079)

Atlassian Jira

• Atlassian Jira Email Template Code Injection Vulnerability (CVE-2021-39128)
• Atlassian Jira gadget endpoint Denial of Service Vulnerability (CVE-2021-39123)
• Atlassian Jira GIF Reader Denial of Service Vulnerability (CVE-2021-39116)
• Atlassian Jira password reset page Username Enumeration Vulnerability (CVE-2021-39125)
• Atlassian Jira private projects Information Disclosure Vulnerability (CVE-2021-39121)
• Atlassian Jira render API endpoint Enumeration Vulnerability (CVE-2021-39118)
• Atlassian Jira replay crafted request Cross-Site Request Forgery Vulnerability (CVE-2021-39124)
• Atlassian Jira restapi search Information Disclosure Vulnerability (CVE-2021-39122)
• Atlassian Jira whitelist endpoint Broken Access Control Vulnerability (CVE-2019-20101)

Adobe

• Adobe Acrobat and Reader Security Update Missing (APSB21-55) (CVE-2021-35982, CVE-2021-39836, CVE-2021-39837, CVE-2021-39838, CVE-2021-39839, CVE-2021-39840, CVE-2021-39841, CVE-2021-39842, CVE-2021-39843, CVE-2021-39844, CVE-2021-39845, CVE-2021-39846, CVE-2021-39849, CVE-2021-39850, CVE-2021-39851, CVE-2021-39852, CVE-2021-39853, CVE-2021-39854, CVE-2021-39855, CVE-2021-39856, CVE-2021-39857, CVE-2021-39858, CVE-2021-39859, CVE-2021-39860, CVE-2021-39861, CVE-2021-39863)

CentOS

• CentOS Linux curl security update (CESA-2021:3582) (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924)
• CentOS Linux cyrus-imapd security update (CESA-2021:3492) (CVE-2021-33582)
• CentOS Linux firefox security update (CESA-2021:3497) (CVE-2021-38493)
• CentOS Linux firefox Security Update (CESA-2021:3498) (CVE-2021-38493)
• CentOS Linux go-toolset:rhel8 security update (CESA-2021:3585) (CVE-2021-29923)
• CentOS Linux kernel security, bug fix, and enhancement update (CESA-2021:3548) (CVE-2021-3653)
• CentOS Linux krb5 security update (CESA-2021:3576) (CVE-2021-36222, CVE-2021-37750)
• CentOS Linux mysql:8.0 security, bug fix, and enhancement update (CESA-2021:3590) (CVE-2020-14672, CVE-2020-14765, CVE-2020-14769, CVE-2020-14773, CVE-2020-14775, CVE-2020-14776, CVE-2020-14777, CVE-2020-14785, CVE-2020-14786, CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14793, CVE-2020-14794, CVE-2020-14800, CVE-2020-14804, CVE-2020-14809, CVE-2020-14812, CVE-2020-14814, CVE-2020-14821, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14844, CVE-2020-14845, CVE-2020-14846, CVE-2020-14848, CVE-2020-14852, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14870, CVE-2020-14873, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2002, CVE-2021-2010, CVE-2021-2011, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122, CVE-2021-2146, CVE-2021-2164, CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179, CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308, CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2412, CVE-2021-2417, CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441, CVE-2021-2444)
• CentOS Linux nodejs:14 security and bug fix update (CESA-2021:3666) (CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672)
• CentOS Linux nss and nspr security, bug fix, and enhancement update (CESA-2021:3572) (CVE-2020-25648)
• CentOS Linux thunderbird Security Update (CESA-2021:3494) (CVE-2021-38493)
• CentOS Linux thunderbird security update (CESA-2021:3499) (CVE-2021-38493)

Debian

• Debian firefox-esr LTS Security Update (DLA-2756-1) (CVE-2021-38493)
• Debian firefox-esr Security Update (DSA-4969-1) (CVE-2021-38493)
• Debian ghostscript Security Update (DSA-4972-1) (CVE-2021-3781)
• Debian grilo LTS Security Update (DLA-2762-1) (CVE-2021-39365)
• Debian haproxy Security Update (DSA-4968-1) (CVE-2021-40346)
• Debian linux Security Update (DSA-4978-1) (CVE-2020-16119, CVE-2020-3702, CVE-2021-3653, CVE-2021-3656, CVE-2021-3679, CVE-2021-3732, CVE-2021-3739, CVE-2021-3743, CVE-2021-3753, CVE-2021-37576, CVE-2021-38160, CVE-2021-38166, CVE-2021-38199, CVE-2021-40490, CVE-2021-41073)
• Debian mupdf LTS Security Update (DLA-2765-1) (CVE-2016-10246, CVE-2016-10247, CVE-2017-6060, CVE-2018-1000036, CVE-2018-10289, CVE-2020-19609)
• Debian nettle LTS Security Update (DLA-2760-1) (CVE-2021-20305, CVE-2021-3580)
• Debian nextcloud-desktop Security Update (DSA-4974-1) (CVE-2021-22895, CVE-2021-32728)
• Debian ntfs-3g Security Update (DSA-4971-1) (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263)
• Debian openssl LTS Security Update (DLA-2766-1) (CVE-2021-3712)
• Debian postorius Security Update (DSA-4970-1) (CVE-2021-40347)
• Debian qemu LTS Security Update (DLA-2753-2) (CVE-2021-3592)
• Debian ruby-kaminari LTS Security Update (DLA-2763-1) (CVE-2020-11082)
• Debian sssd LTS Security Update (DLA-2758-1) (CVE-2021-3621)
• Debian thunderbird LTS Security Update (DLA-2757-1) (CVE-2021-38493)
• Debian thunderbird Security Update (DSA-4973-1) (CVE-2021-38493)
• Debian tomcat8 LTS Security Update (DLA-2764-1) (CVE-2021-41079)
• Debian webkit2gtk Security Update (DSA-4975-1) (CVE-2021-30858)
• Debian wpewebkit Security Update (DSA-4976-1) (CVE-2021-30858)
• Debian xen Security Update (DSA-4977-1) (CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, CVE-2021-28701)

Drupal

• Drupal Core HTTP APIs Acess Bypass Vulnerability (SA-CORE-2021-008) (CVE-2020-13675)
• Drupal Core JSON:API Acess Bypass Vulnerability (SA-CORE-2021-010) (CVE-2020-13677)
• Drupal Core Media Cross Site Request Forgery (SA-CORE-2021-006) (CVE-2020-13673)
• Drupal Core QuickEdit Acess Bypass Vulnerability (SA-CORE-2021-009) (CVE-2020-13676)
• Drupal Core QuickEdit Cross Site Request Forgery (SA-CORE-2021-007) (CVE-2020-13674)

Fedora

• Fedora chromium Security Update (FEDORA-2021-6225d60814) (CVE-2021-30565, CVE-2021-30566, CVE-2021-30567, CVE-2021-30568, CVE-2021-30569, CVE-2021-30571, CVE-2021-30572, CVE-2021-30573, CVE-2021-30574, CVE-2021-30575, CVE-2021-30576, CVE-2021-30577, CVE-2021-30578, CVE-2021-30579, CVE-2021-30580, CVE-2021-30581, CVE-2021-30582, CVE-2021-30583, CVE-2021-30584, CVE-2021-30585, CVE-2021-30586, CVE-2021-30587, CVE-2021-30588, CVE-2021-30589, CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597, CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604, CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624)
• Fedora chromium Security Update (FEDORA-2021-78b9d84299) (CVE-2021-30565, CVE-2021-30566, CVE-2021-30567, CVE-2021-30568, CVE-2021-30569, CVE-2021-30571, CVE-2021-30572, CVE-2021-30573, CVE-2021-30574, CVE-2021-30575, CVE-2021-30576, CVE-2021-30577, CVE-2021-30578, CVE-2021-30579, CVE-2021-30580, CVE-2021-30581, CVE-2021-30582, CVE-2021-30583, CVE-2021-30584, CVE-2021-30585, CVE-2021-30586, CVE-2021-30587, CVE-2021-30588, CVE-2021-30589, CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594, CVE-2021-30596, CVE-2021-30597, CVE-2021-30598, CVE-2021-30599, CVE-2021-30600, CVE-2021-30601, CVE-2021-30602, CVE-2021-30603, CVE-2021-30604, CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624)
• Fedora curl Security Update (FEDORA-2021-c5584b92d4) (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947)
• Fedora drupal7 Security Update (FEDORA-2021-8093e197f4) (CVE-2020-13672, CVE-2020-28948, CVE-2020-28949, CVE-2020-36193, CVE-2021-32610)
• Fedora fetchmail Security Update (FEDORA-2021-9998719311) (CVE-2021-39272)
• Fedora fetchmail Security Update (FEDORA-2021-ddefbdbb46) (CVE-2021-39272)
• Fedora ghostscript Security Update (FEDORA-2021-256c80b4eb) (CVE-2021-3781)
• Fedora ghostscript Security Update (FEDORA-2021-be0a93fb15) (CVE-2021-3781)
• Fedora gifsicle Security Update (FEDORA-2021-b349650e52) (CVE-2020-19752)
• Fedora gifsicle Security Update (FEDORA-2021-c351011066) (CVE-2020-19752)
• Fedora golang Security Update (FEDORA-2021-38b51d9fd3) (CVE-2021-36221)
• Fedora golang Security Update (FEDORA-2021-6a3024b3fd) (CVE-2021-27919, CVE-2021-36221)
• Fedora haproxy Security Update (FEDORA-2021-3493f9f6ab) (CVE-2021-40346)
• Fedora haproxy Security Update (FEDORA-2021-cd5ee418f6) (CVE-2021-40346)
• Fedora httpd Security Update (FEDORA-2021-dce7e7738e) (CVE-2019-17567, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438)
• Fedora kernel Security Update (FEDORA-2021-4ca1b080bb) (CVE-2021-40490)
• Fedora kernel Security Update (FEDORA-2021-60f1d2eba1) (CVE-2021-40490)
• Fedora lynx Security Update (FEDORA-2021-232161e4d5) (CVE-2021-38165)
• Fedora lynx Security Update (FEDORA-2021-f59bda7d94) (CVE-2021-38165)
• Fedora matrix-synapse Security Update (FEDORA-2021-2e8ed15b14) (CVE-2021-39163, CVE-2021-39164)
• Fedora mosquitto Security Update (FEDORA-2021-aee8f32946) (CVE-2021-34434)
• Fedora Multiple Packages Security Update (FEDORA-2021-9f020cf155) (CVE-2021-23437)
• Fedora Multiple Packages Security Update (FEDORA-2021-cbfaefb390) (CVE-2021-23437)
• Fedora ntfs-3g Security Update (FEDORA-2021-e7c8ba6301) (CVE-2021-33285, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254)
• Fedora python-rsa Security Update (FEDORA-2021-783a157adc) (CVE-2020-25658)
• Fedora python-rsa Security Update (FEDORA-2021-c1fef03e71) (CVE-2020-25658)
• Fedora salt Security Update (FEDORA-2021-00ada7e667) (CVE-2021-21996, CVE-2021-22004, CVE-2021-31607)
• Fedora salt Security Update (FEDORA-2021-93a7c8b7c6) (CVE-2021-21996, CVE-2021-22004, CVE-2021-31607)
• Fedora vim Security Update (FEDORA-2021-4a43cbe0b4) (CVE-2021-3770)
• Fedora vim Security Update (FEDORA-2021-5fa81a2b04) (CVE-2021-3770)
• Fedora webkit2gtk3 Security Update (FEDORA-2021-c00e45b6c0) (CVE-2021-30858)
• Fedora xen Security Update (FEDORA-2021-11577e5229) (CVE-2021-28701)
• Fedora xen Security Update (FEDORA-2021-fed53cbc7d) (CVE-2021-28701)

FreeBSD

• FreeBSD Apache httpd Security Update (882a38f9-17dd-11ec-b335-d4c9ef517024) (CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438)
• FreeBSD bouncycastle15 Security Update (70e71a24-0151-11ec-bf0c-080027eedc6a) (CVE-2020-28052)
• FreeBSD bouncycastle15 Security Update (89d5bca6-0150-11ec-bf0c-080027eedc6a) (CVE-2020-15522)
• FreeBSD chromium Security Update (3551e106-1b17-11ec-a8a7-704d7b472482) (CVE-2021-37956, CVE-2021-37957, CVE-2021-37958, CVE-2021-37959, CVE-2021-37960, CVE-2021-37961, CVE-2021-37962, CVE-2021-37963, CVE-2021-37964, CVE-2021-37965, CVE-2021-37966, CVE-2021-37967, CVE-2021-37968, CVE-2021-37969, CVE-2021-37970, CVE-2021-37971, CVE-2021-37972)
• FreeBSD chromium Security Update (47b571f2-157b-11ec-ae98-704d7b472482) (CVE-2021-30625, CVE-2021-30626, CVE-2021-30627, CVE-2021-30628, CVE-2021-30629, CVE-2021-30630, CVE-2021-30631, CVE-2021-30632, CVE-2021-30633)
• FreeBSD chromium Security Update (a7732806-0b2a-11ec-836b-3065ec8fd3ec) (CVE-2021-30606, CVE-2021-30607, CVE-2021-30608, CVE-2021-30609, CVE-2021-30610, CVE-2021-30611, CVE-2021-30612, CVE-2021-30613, CVE-2021-30614, CVE-2021-30615, CVE-2021-30616, CVE-2021-30617, CVE-2021-30618, CVE-2021-30619, CVE-2021-30620, CVE-2021-30621, CVE-2021-30622, CVE-2021-30623, CVE-2021-30624)
• FreeBSD chromium Security Update (b6c875f1-1d76-11ec-ae80-704d7b472482) (CVE-2021-37973)
• FreeBSD consul Security Update (376df2f1-1295-11ec-859e-000c292ee6b8) (CVE-2021-37219)
• FreeBSD cURL Security Update (c9221ec9-17a2-11ec-b335-d4c9ef517024) (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947)
• FreeBSD cyrus-imapd Security Update (3d915d96-0b1f-11ec-8d9f-080027415d17) (CVE-2021-33582)
• FreeBSD fetchmail Security Update (1d6410e8-06c1-11ec-a35d-03ca114d16d6) (CVE-2021-39272)
• FreeBSD Gitlab Security Update (6c22bb39-0a9a-11ec-a265-001b217b3468) (CVE-2021-22238, CVE-2021-22257, CVE-2021-22258)
• FreeBSD go Security Update (4ea1082a-1259-11ec-b4fa-dd5a552bdd17) (CVE-2021-39293)
• FreeBSD libpano13 Security Update (15e74795-0fd7-11ec-9f2e-dca632b19f10) (CVE-2021-20307)
• FreeBSD libssh Security Update (57b1ee25-1a7c-11ec-9376-0800272221cc) (CVE-2021-3634)
• FreeBSD Matrix clients Security Update (93eb0e48-14ba-11ec-875e-901b0e9408dc) (CVE-2021-40823, CVE-2021-40824)
• FreeBSD mod_auth_mellon Security Update (7bba5b3b-1b7f-11ec-b335-d4c9ef517024) (CVE-2019-13038)
• FreeBSD Node.js Security Update (7062bce0-1b17-11ec-9d9d-0022489ad614) (CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39135)
• FreeBSD Node.js Security Update (b092bd4f-1b16-11ec-9d9d-0022489ad614) (CVE-2021-22931, CVE-2021-22939, CVE-2021-22940)
• FreeBSD Node.js Security Update (c174118e-1b11-11ec-9d9d-0022489ad614) (CVE-2021-22918, CVE-2021-22921, CVE-2021-23362, CVE-2021-27290)
• FreeBSD Node.js Security Update (f53dab71-1b15-11ec-9d9d-0022489ad614) (CVE-2021-22930)
• FreeBSD OpenSSL Security Update (96811d4a-04ec-11ec-9b84-d4c9ef517024) (CVE-2021-3711, CVE-2021-3712)
• FreeBSD py-matrix-synapse Security Update (a67e358c-0bf6-11ec-875e-901b0e9408dc) (CVE-2021-39163, CVE-2021-39164)
• FreeBSD seatd-launch Security Update (49c35943-0eeb-421c-af4f-78e04582e5fb) (CVE-2021-41387)

Microsoft

• Microsoft Office April 2021 Security Updates Missing (CVE-2021-28449, CVE-2021-28450, CVE-2021-28451, CVE-2021-28452, CVE-2021-28453, CVE-2021-28454, CVE-2021-28456)
• Microsoft Office August 2021 Security Updates Missing (CVE-2021-36940)
• Microsoft Office February 2021 Security Updates Missing (CVE-2021-1726, CVE-2021-24066, CVE-2021-24067, CVE-2021-24068, CVE-2021-24069, CVE-2021-24070, CVE-2021-24071, CVE-2021-24072)
• Microsoft Office January 2021 Security Updates Missing (CVE-2021-1641, CVE-2021-1707, CVE-2021-1711, CVE-2021-1712, CVE-2021-1713, CVE-2021-1714, CVE-2021-1715, CVE-2021-1716, CVE-2021-1717, CVE-2021-1718, CVE-2021-1719)
• Microsoft Office July 2021 Security Updates Missing (CVE-2021-34452, CVE-2021-34467, CVE-2021-34468, CVE-2021-34469, CVE-2021-34501, CVE-2021-34517, CVE-2021-34518, CVE-2021-34519, CVE-2021-34520)
• Microsoft Office June 2021 Security Updates Missing (CVE-2021-26420, CVE-2021-31939, CVE-2021-31941, CVE-2021-31948, CVE-2021-31949, CVE-2021-31950, CVE-2021-31963, CVE-2021-31964, CVE-2021-31965, CVE-2021-31966)
• Microsoft Office March 2021 Security Updates Missing (CVE-2021-24104, CVE-2021-24108, CVE-2021-27052, CVE-2021-27053, CVE-2021-27054, CVE-2021-27057, CVE-2021-27059, CVE-2021-27076)
• Microsoft Office May 2021 Security Updates Missing (CVE-2021-26418, CVE-2021-28455, CVE-2021-28474, CVE-2021-28478, CVE-2021-31171, CVE-2021-31172, CVE-2021-31173, CVE-2021-31174, CVE-2021-31175, CVE-2021-31177, CVE-2021-31178, CVE-2021-31179, CVE-2021-31180, CVE-2021-31181)
• Microsoft Office September 2021 Security Updates Missing (CVE-2021-38646, CVE-2021-38651, CVE-2021-38652, CVE-2021-38655, CVE-2021-38660)

Oracle

• Oracle WebLogic Server Console JNDI Injection Vulnerability (CVE-2021-2109) (CVE-2021-2109)
• Oracle WebLogic Server Console Remote Code Execution Vulnerability (CVE-2020-14882) (CVE-2020-14882)

Red Hat (Credentialed Checks)

• Red Hat Enterprise Linux curl security update (RHSA-2021:3582) (CVE-2021-22922, CVE-2021-22923, CVE-2021-22924)
• Red Hat Enterprise Linux cyrus-imapd security update (RHSA-2021:3492) (CVE-2021-33582)
• Red Hat Enterprise Linux firefox security update (RHSA-2021:3497) (CVE-2021-38493)
• Red Hat Enterprise Linux firefox security update (RHSA-2021:3498) (CVE-2021-38493)
• Red Hat Enterprise Linux go-toolset:rhel8 security update (RHSA-2021:3585) (CVE-2021-29923)
• Red Hat Enterprise Linux kernel security and bug fix update (RHSA-2021:3438) (CVE-2021-3715)
• Red Hat Enterprise Linux kernel security and bug fix update (RHSA-2021:3447) (CVE-2021-37576, CVE-2021-38201)
• Red Hat Enterprise Linux kernel security, bug fix, and enhancement update (RHSA-2021:3548) (CVE-2021-3653)
• Red Hat Enterprise Linux kpatch-patch security update (RHSA-2021:3441) (CVE-2021-3715)
• Red Hat Enterprise Linux krb5 security update (RHSA-2021:3576) (CVE-2021-36222, CVE-2021-37750)
• Red Hat Enterprise Linux mysql:8.0 security, bug fix, and enhancement update (RHSA-2021:3590) (CVE-2020-14672, CVE-2020-14765, CVE-2020-14769, CVE-2020-14773, CVE-2020-14775, CVE-2020-14776, CVE-2020-14777, CVE-2020-14785, CVE-2020-14786, CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14793, CVE-2020-14794, CVE-2020-14800, CVE-2020-14804, CVE-2020-14809, CVE-2020-14812, CVE-2020-14814, CVE-2020-14821, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14844, CVE-2020-14845, CVE-2020-14846, CVE-2020-14848, CVE-2020-14852, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14870, CVE-2020-14873, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2002, CVE-2021-2010, CVE-2021-2011, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122, CVE-2021-2146, CVE-2021-2164, CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179, CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308, CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2412, CVE-2021-2417, CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441, CVE-2021-2444)
• Red Hat Enterprise Linux nodejs:12 security and bug fix update (RHSA-2021:3623) (CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672)
• Red Hat Enterprise Linux nodejs:14 security and bug fix update (RHSA-2021:3666) (CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672)
• Red Hat Enterprise Linux nss and nspr security, bug fix, and enhancement update (RHSA-2021:3572) (CVE-2020-25648)
• Red Hat Enterprise Linux thunderbird security update (RHSA-2021:3494) (CVE-2021-38493)
• Red Hat Enterprise Linux thunderbird security update (RHSA-2021:3499) (CVE-2021-38493)

Ubuntu (Credentialed Checks)

• Ubuntu Apport vulnerabilities (USN-5077-1) (CVE-2021-3709, CVE-2021-3710)
• Ubuntu curl vulnerabilities (USN-5079-1) (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947)
• Ubuntu curl vulnerabilities (USN-5079-3) (CVE-2021-22946, CVE-2021-22947)
• Ubuntu EDK II vulnerabilities (USN-5088-1) (CVE-2019-11098, CVE-2021-23840, CVE-2021-3712, CVE-2021-38575)
• Ubuntu Firefox vulnerabilities (USN-5074-1) (CVE-2021-38491, CVE-2021-38493, CVE-2021-38494)
• Ubuntu GD library vulnerabilities (USN-5068-1) (CVE-2017-6363, CVE-2021-38115, CVE-2021-40145)
• Ubuntu Ghostscript vulnerability (USN-5075-1) (CVE-2021-3781)
• Ubuntu Git vulnerability (USN-5076-1) (CVE-2021-40330)
• Ubuntu GNU cpio vulnerability (USN-5064-1) (CVE-2021-38185)
• Ubuntu HAProxy vulnerabilities (USN-5063-1) (CVE-2021-40346)
• Ubuntu Libgcrypt vulnerabilities (USN-5080-1) (CVE-2021-33560, CVE-2021-40528)
• Ubuntu LibTIFF vulnerability (USN-5084-1) (CVE-2020-19143)
• Ubuntu Linux kernel (GCP) vulnerabilities (USN-5073-2) (CVE-2021-34693, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656, CVE-2021-38160)
• Ubuntu Linux kernel (HWE) vulnerabilities (USN-5071-2) (CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656)
• Ubuntu Linux kernel (OEM) vulnerabilities (USN-5082-1) (CVE-2021-3609, CVE-2021-3653, CVE-2021-3656)
• Ubuntu Linux kernel (Raspberry Pi) vulnerabilities (USN-5071-3) (CVE-2021-22543, CVE-2021-3612)
• Ubuntu Linux kernel (Raspberry Pi) vulnerabilities (USN-5073-3) (CVE-2021-34693, CVE-2021-3612, CVE-2021-38160)
• Ubuntu Linux kernel vulnerabilities (USN-5070-1) (CVE-2020-26541, CVE-2021-22543, CVE-2021-34693, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656, CVE-2021-38198, CVE-2021-38200, CVE-2021-38206, CVE-2021-38207)
• Ubuntu Linux kernel vulnerabilities (USN-5071-1) (CVE-2020-36311, CVE-2021-22543, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656)
• Ubuntu Linux kernel vulnerabilities (USN-5072-1) (CVE-2021-3653, CVE-2021-3656)
• Ubuntu Linux kernel vulnerabilities (USN-5073-1) (CVE-2021-34693, CVE-2021-3612, CVE-2021-3653, CVE-2021-3656, CVE-2021-38160)
• Ubuntu mod-auth-mellon vulnerability (USN-5069-1) (CVE-2021-3639)
• Ubuntu mod-auth-mellon vulnerability (USN-5069-2) (CVE-2021-3639)
• Ubuntu Open vSwitch vulnerability (USN-5065-1) (CVE-2021-36980)
• Ubuntu PySAML2 vulnerability (USN-5066-1) (CVE-2021-21239)
• Ubuntu Qt vulnerabilities (USN-5081-1) (CVE-2020-17507, CVE-2021-38593)
• Ubuntu SQL parse vulnerability (USN-5085-1) (CVE-2021-32839)
• Ubuntu Squashfs-Tools vulnerability (USN-5078-1) (CVE-2021-41072)
• Ubuntu SSSD vulnerabilities (USN-5067-1) (CVE-2018-10852, CVE-2018-16838, CVE-2019-3811, CVE-2021-3621)
• Ubuntu WebKitGTK vulnerabilities (USN-5087-1) (CVE-2021-30858)

WordPress

• WordPress block editor Information Disclosure Vulnerability (CVE-2021-39203)
• WordPress Custom HTML Cross-Site Scripting Vulnerability (CVE-2021-39202)
• WordPress unfiltered_html Cross-Site Scripting Vulnerability (CVE-2021-39201)
• WordPress wp_die() Information Disclosure Vulnerability (CVE-2021-39200)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.