var-202202-0050
Vulnerability from variot

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2000478 - Using deprecated 1.25 API calls
2022742 - NNCP creation fails when node of a cluster is unavailable
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2028619 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+
2029359 - NodeNetworkConfigurationPolicy refreshes all the conditions even if the policy has not gone to that state
2032837 - Add/remove label to priority class are not reconciled properly left HCO in Unknown status.
2033385 - Bug in kubernetes labels that are attached to the CNV logs
2038814 - [CNV-4.10-rhel9] hyperconverged-cluster-cli-download pod CrashLoopBackOff state
2039019 - Fix Top consumers dashboard
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2046686 - Importer pod keeps in retarting when dataimportcron has a reference to invalid image sha
2049990 - must-gather: must-gather is logging errors about upstream only namespaces
2053390 - No DataImportCron for CentOS 7
2054778 - PVC created with filesystem volume mode in some cases, instead of block volume mode
2054782 - DataImportCron status does not show failure when failing to create dataSource
2055304 - [4.10.z] nmstate interprets interface names as float64 and subsequently crashes on state update
2055950 - cnv installation should set empty node selector for openshift-cnv namespace
2056421 - non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume"
2056464 - nmstate-webhook pods getting scheduled on the same node
2056619 - [4.10.z] kubemacpool-mac-controller-manager not ready
2057142 - CDI aggregate roles missing some types
2057148 - Cross namespace smart clone may get stuck in NamespaceTransferInProgress phase
2057613 - nmpolicy capture - race condition when appying teardown nncp; nnce fails
2059185 - must-gather: Must-gather gather_vms_details is not working when used with a list of vms
2059613 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2062227 - sriovLiveMigration should not be enabled on sno clusters
2062321 - when update attempt of hco.spec with storage classes failed, csv git stuck in installing state
2063991 - On upgraded cluster, "v2v-vmware" is present under hco.status.relatedObject
2065308 - CNV disables LiveMigration FG, but leaves LiveMigration workloadUpdateStrategy enabled
2065743 - 4.10.1 containers
2065755 - 4.10.1 rpms
2066086 - DataImportCrons do not automatically recover from unconfigured default storage class
2066712 - [4.10.z] Migration of vm from VMware reports pvc not large enough
2069055 - [4.10.z] On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2070050 - [4.10.1] Custom guest PCI address and boot order parameters are not respected in a list of multiple SR-IOV NICs
2073880 - Cannot create VM on SNO cluster as live migration feature is not enabled
2077920 - Migration in sequence can be reported as failed even when it succeeded
2078878 - SSP: Common templates fix to pick right templates

  5. Summary:

The Migration Toolkit for Containers (MTC) 1.7.1 is now available.

Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Bugs fixed (https://bugzilla.redhat.com/):

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic
2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend]
2057516 - [MTC UI] UI should not allow PVC mapping for Full migration
2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans
2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository
2061347 - [MTC] Log reader pod is missing velero and restic pod logs.
2061653 - [MTC UI] Migration Resources section showing pods from other namespaces
2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan.
2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)
2071000 - Storage Conversion: UI doesn't have the ability to skip PVC
2072036 - Migration plan for storage conversion cannot be created if there's no replication repository
2072186 - Wrong migration type description
2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration
2073496 - Errors in rsync pod creation are not printed in the controller logs
2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

  5. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Bugs fixed (https://bugzilla.redhat.com/):

2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files
2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files
2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

  5. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#2048407)

  • Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048)

  4. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security updates:

  • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

  • nodejs-shelljs: improper privilege management (CVE-2022-0144)

  • follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

  • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

Bug fix:

  • RHACM 2.3.8 images (Bugzilla #2062316)

  3. Bugs fixed (https://bugzilla.redhat.com/):

2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2062316 - RHACM 2.3.8 images


====================================================================
Red Hat Security Advisory

Synopsis: Important: xmlrpc-c security update
Advisory ID: RHSA-2022:1643-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1643
Issue date: 2022-04-28
CVE Names: CVE-2022-25235
====================================================================

  1. Summary:

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  3. Description:

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

Security Fix(es):

  • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

  6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: xmlrpc-c-1.51.0-5.el8_5.1.src.rpm

aarch64: xmlrpc-c-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.aarch64.rpm

ppc64le: xmlrpc-c-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.ppc64le.rpm

s390x: xmlrpc-c-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.s390x.rpm

x86_64: xmlrpc-c-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-c++-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client++-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.aarch64.rpm xmlrpc-c-devel-1.51.0-5.el8_5.1.aarch64.rpm

ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-c++-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client++-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.ppc64le.rpm xmlrpc-c-devel-1.51.0-5.el8_5.1.ppc64le.rpm

s390x: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-c++-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client++-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.s390x.rpm xmlrpc-c-devel-1.51.0-5.el8_5.1.s390x.rpm

x86_64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-c++-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-c++-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client++-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client++-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_5.1.x86_64.rpm xmlrpc-c-devel-1.51.0-5.el8_5.1.i686.rpm xmlrpc-c-devel-1.51.0-5.el8_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Description:

Expat is a C library for parsing XML documents



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0050",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinema remote connect server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "libexpat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libexpat",
        "version": "2.4.5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-25235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-25235",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-415126",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-25235",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-25235",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202202-1315",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-415126",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n2000478 - Using deprecated 1.25 API calls\n2022742 - NNCP creation fails when node of a cluster is unavailable\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2028619 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+\n2029359 - NodeNetworkConfigurationPolicy refreshes all the conditions even if the policy has not gone to that state\n2032837 - Add/remove label to priority class are not reconciled properly left HCO in Unknown status. \n2033385 - Bug in kubernetes labels that are attached to the CNV logs\n2038814 - [CNV-4.10-rhel9] hyperconverged-cluster-cli-download pod CrashLoopBackOff state\n2039019 - Fix Top consumers dashboard\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2046686 - Importer pod keeps in retarting when dataimportcron has a reference to invalid image sha\n2049990 - must-gather: must-gather is logging errors about upstream only namespaces\n2053390 - No DataImportCron for CentOS 7\n2054778 - PVC created with filesystem volume mode in some cases, instead of block volume mode\n2054782 - DataImportCron status does not show failure when failing to create dataSource\n2055304 - [4.10.z] nmstate interprets interface names as float64 and subsequently crashes on state update\n2055950 - cnv installation should set empty node selector for openshift-cnv namespace\n2056421 - non-privileged user cannot add disk as it cannot update resource \"virtualmachines/addvolume\"\n2056464 - 
nmstate-webhook pods getting scheduled on the same node\n2056619 - [4.10.z] kubemacpool-mac-controller-manager not ready\n2057142 - CDI aggregate roles missing some types\n2057148 - Cross namespace smart clone may get stuck in NamespaceTransferInProgress phase\n2057613 - nmpolicy capture - race condition when appying teardown nncp; nnce fails\n2059185 - must-gather: Must-gather  gather_vms_details is not working when used with a list of vms\n2059613 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2062227 - sriovLiveMigration should not be enabled on sno clusters\n2062321 - when update attempt of hco.spec with storage classes failed, csv git stuck in installing state\n2063991 - On upgraded cluster, \"v2v-vmware\" is present under hco.status.relatedObject\n2065308 - CNV disables LiveMigration FG, but leaves LiveMigration workloadUpdateStrategy enabled\n2065743 - 4.10.1 containers\n2065755 - 4.10.1 rpms\n2066086 - DataImportCrons do not automatically recover from unconfigured default storage class\n2066712 - [4.10.z] Migration of vm from VMware reports pvc not large enough\n2069055 - [4.10.z] On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2070050 - [4.10.1] Custom guest PCI address and boot order parameters are not respected in a list of multiple SR-IOV NICs\n2073880 - Cannot create VM on SNO cluster as live migration feature is not enabled\n2077920 - Migration in sequence can be reported as failed even when it succeeded\n2078878 - SSP: Common templates fix to pick right templates\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. (BZ#2048407)\n\n* Rebase package(s) to version:\nlibvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40\nHighlights and important bug fixes: consume libvirt fix for failure to\nconnect socket to \u0027/run/libvirt/virtlogd-sock\u0027 - possibly caused by too\nmany open files from libvirtd. (BZ#2057048)\n\n4. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. 
See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: xmlrpc-c security update\nAdvisory ID:       RHSA-2022:1643-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1643\nIssue date:        2022-04-28\nCVE Names:         CVE-2022-25235\n====================================================================\n1. Summary:\n\nAn update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. 
\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nXML-RPC is a remote procedure call (RPC) protocol that uses XML to encode\nits calls and HTTP as a transport mechanism. The xmlrpc-c packages provide\na network protocol to allow a client program to make a simple RPC (remote\nprocedure call) over the Internet. It converts an RPC into an XML document,\nsends it to a remote server using HTTP, and gets back the response in XML. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 
8):\n\nSource:\nxmlrpc-c-1.51.0-5.el8_5.1.src.rpm\n\naarch64:\nxmlrpc-c-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.aarch64.rpm\n\nppc64le:\nxmlrpc-c-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.ppc64le.rpm\n\ns390x:\nxmlrpc-c-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.s390x.rpm\n\nx86_64:\nxmlrpc-c-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-client-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-debugsource
-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-c++-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client++-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.aarch64.rpm\nxmlrpc-c-devel-1.51.0-5.el8_5.1.aarch64.rpm\n\nppc64le:\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-c++-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client++-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.ppc64le.rpm\nxmlrpc-c-devel-1.51.0-5.el8_5.1.ppc64le.rpm\n\ns390x:\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-c++-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client++-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.s390x.rpm\nxmlrpc-c-devel-1.51.0-5.el8_5.1.s390x.rpm\n\nx86_64:\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-c++-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-c++-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-client++-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client++-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-5.el8_5.1.x
86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-debugsource-1.51.0-5.el8_5.1.x86_64.rpm\nxmlrpc-c-devel-1.51.0-5.el8_5.1.i686.rpm\nxmlrpc-c-devel-1.51.0-5.el8_5.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nExpat is a C library for parsing XML documents",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      },
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-484086",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/02/19/1",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167226",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166453",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166348",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166500",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166296",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167008",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166983",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166954",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166275",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169777",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166437",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166414",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168578",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166703",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166845",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166638",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0934",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1677",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5749",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5666",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4174",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1154",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1507",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0946",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1861",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1579",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0749",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0785.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1295",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1023",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1263",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2024",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1069",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2607",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2476",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3299",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040715",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022050424",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022033002",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070605",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032224",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032922",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032445",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052423",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031020",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060122",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031627",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032005",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022109",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031428",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051320",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031108",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042116",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022416",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072710",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032843",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042629",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022411",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022061722",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041954",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072065",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072607",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041272",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-167-17",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166277",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166293",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166276",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166433",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166505",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166261",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166300",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166274",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18356",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-415126",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166844",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166976",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166431",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166516",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166902",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "id": "VAR-202202-0050",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      }
    ],
    "trust": 0.7003805
  },
  "last_update_date": "2024-11-29T21:30:40.952000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-116",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2022/dsa-5085"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202209-24"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/libexpat/libexpat/pull/562"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25235"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-25236"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-25315"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1295"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040715"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2476"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032224"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166845/red-hat-security-advisory-2022-1540-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031428"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041272"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1507"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051320"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032922"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1069"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1861"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1023"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031020"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042629"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031108"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2024"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052423"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1579"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22825"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22827"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22823"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-46143"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22824"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22826"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-22822"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-23852"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-45960"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0318"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23308"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3999"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23218"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0359"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0413"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0361"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0261"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0392"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23219"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-0778"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1539"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-36221"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:4668"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4028"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-41771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1053"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1083"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0847"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0920"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0516"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4154"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0951"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "date": "2022-04-27T17:30:03",
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "date": "2022-05-19T15:53:21",
        "db": "PACKETSTORM",
        "id": "167226"
      },
      {
        "date": "2022-05-05T17:35:22",
        "db": "PACKETSTORM",
        "id": "166976"
      },
      {
        "date": "2022-03-24T14:34:35",
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "date": "2022-03-25T15:19:32",
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "date": "2022-03-29T15:53:19",
        "db": "PACKETSTORM",
        "id": "166516"
      },
      {
        "date": "2022-04-29T12:36:58",
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "date": "2022-03-17T15:51:32",
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "date": "2022-02-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "date": "2022-02-16T01:15:07.607000",
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "date": "2022-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      },
      {
        "date": "2024-11-21T06:51:51.090000",
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166844"
      },
      {
        "db": "PACKETSTORM",
        "id": "166902"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Expat Code injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202202-1315"
      }
    ],
    "trust": 0.6
  }
}

