var-202205-1313
Vulnerability from variot
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. WebKit is a fast, open source web browser engine. Apple WebKit has a buffer error vulnerability, which is caused by a boundary error in WebKit's processing of HTML content. A remote attacker could trick a victim into visiting a specially crafted website, trigger memory corruption, and execute arbitrary code on the targeted system. The following products and versions are affected: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD. macOS Monterey 12.4.
For the oldstable distribution (buster), these problems have been fixed in version 2.36.3-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.36.3-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmKWpRcACgkQAAyEYu0C 2AK6iA//ZOy1HOqSdnmdwCowbOAWP1GCEDxAV/lftx0i7LXCj6HHXTcH2ElRc9ZL 3CcZfEeulPV0FuMxyS0m3AApJKtVEkp1uYzXN9OJVZl2GZjjdsQZkIhlRkgTjiOz cyL19KuwcdcKBiDBmOknRdOMTAdsRra0/NvMY8xOAiGBCcShvs+uKwzXwZxaUPjC WJlm5oek53baFJNzwPHiPaIa3zfDsR/NXq6UxwzTWjtp6DoJPYaoU6J8dw2CGHhH rr6wS/tDkWRrXs/8vFQ/QrpBByHVgUOO9gPApaQpysEaKrtHMWBk87JDQ03p8hgw Vb9IXoPDtKFAgjtu4g/AwLhbWXY4lzw6DJJhoupaYT07tje1iIYADbg0L1jFAixf 8IXnjWh+vJdHmJX4fopZxoCguJrc5dCBOhn8Pjqqv6uqgcnZ81aBnflw0xwi6W36 +5DViEFCGU6RQ49q2vGoH+ouP/zBgjqUBb5W1n7koJuRZNZ9kmoMc78UjjDrQZeI WZWZ1UllEsqArWebfc0xXe0tXjCVwHIqb0jySqiKgYtRLLRypkWF8wUBmZLiuu5l 3UwLrxPfXRLOT5RMagI4GoN3RGBdTGzSiN+kHaMqJKVA6dKb1AyBbXoaRiNBGXe4 MFZUDBp+3HyKrsMegpoTeV9ILHfGMlAWihGwHM9Y2OJG4zODkvM= =qgna -----END PGP SIGNATURE----- . Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Security fixes:
- CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
Bugs addressed:
- Build Submariner 0.13.3 (ACM-2226)
- Verify Submariner with OCP 4.12 (ACM-2435)
-
Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821)
-
Bugs fixed (https://bugzilla.redhat.com/):
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
- JIRA issues fixed (https://issues.jboss.org/):
ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode"
- Description:
Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.
This release includes security and bug fixes, and enhancements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update Advisory ID: RHSA-2023:1174-01 Product: OpenShift API for Data Protection Advisory URL: https://access.redhat.com/errata/RHSA-2023:1174 Issue date: 2023-03-09 CVE Names: CVE-2021-46848 CVE-2022-1122 CVE-2022-1304 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2879 CVE-2022-2880 CVE-2022-2953 CVE-2022-4415 CVE-2022-4883 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-41715 CVE-2022-41717 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 CVE-2022-44617 CVE-2022-46285 CVE-2022-47629 CVE-2022-48303 =====================================================================
- Summary:
OpenShift API for Data Protection (OADP) 1.1.2 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
-
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
-
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
-
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
-
golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC
- References:
https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1122 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2056 https://access.redhat.com/security/cve/CVE-2022-2057 https://access.redhat.com/security/cve/CVE-2022-2058 https://access.redhat.com/security/cve/CVE-2022-2519 https://access.redhat.com/security/cve/CVE-2022-2520 https://access.redhat.com/security/cve/CVE-2022-2521 https://access.redhat.com/security/cve/CVE-2022-2867 https://access.redhat.com/security/cve/CVE-2022-2868 https://access.redhat.com/security/cve/CVE-2022-2869 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-2953 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4883 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-44617 https://access.redhat.com/security/cve/CVE-2022-46285 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIUAwUBZAk/3dzjgjWX9erEAQgKPg/3Ri4q2NpruiiTlkWhpwy+dG0BuwSIKfuL kmzLCcLLAQlCsEi31S3qtFbcBl5IK4JAPRMXtN7egvfjbKorCzwPGp/IolN9FJqc SEEJ51mMBxLEPWjkuKH2Cad0QrefcaslXzGxJiUw1IngilOxhNFyniDhrr3dUdPo hvwuozHmVLVKimJ1GNpX4PWPO5flQ81LnIT2kJdhlQWYDjVZ1SLPvfyxI6WxxVl8 PceMlXGzhhSJJ0G35jGq5p96JCtwX+75gYwkuYjkPqqIUElfpRKBvrXwt+Ci6baH hg8/Jp3Hdm3YitqDjsmysRxUkfv2ufuxIsgWfMYK3duo5mJQJWEVJ5S1C/2TOgPC QNhwk2VeWHFVSojudGUH9kqrV3wT+BHK1XReKjV8++yLZIbDy5ywH/dOjbA4RAkh vdQVc8xOGqgAsSN3DkjH7LWS86qktibW+Tm+h5c8HyRrOajwKeP67to2GfnRPva5 1TNAhR0eDqy1HQ/SgE6Hkx1f2sSjfT0dpnEIMZD2+Cmp64bFlm5KoZNXLmUlTmhu vtDQtamhHlotPGV8znjMGbxpucpkzvGbTUPF1dQZo7xJP+Z8GedJLStvPhtTvN1T JaZ5PvPR9HVmjWOWpxsIll7xwx/wwfclRWH02hZj4eiNhjCnPQFWenAOfNCgus8D 4jA0TFXFMA== =24ND -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Bugs addressed:
-
clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)
-
RHACM 2.6.3 images (BZ# 2139085)
Security fixes:
-
CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function Security
-
CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2129679 - clusters belong to global clusterset is not selected by placement when rescheduling 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2139085 - RHACM 2.6.3 images 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements
- Bugs fixed (https://bugzilla.redhat.com/):
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12 2137304 - Location for host cluster is missing in the UI 2140208 - When editing a MigHook in the UI, the page may fail to reload 2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12 2143872 - Namespaces page in web console stuck in loading phase 2149920 - Migration fails at prebackupHooks step
- JIRA issues fixed (https://issues.jboss.org/):
MIG-1240 - Implement proposed changes for DVM support with PSAs in 4.12
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.6"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "171310"
},
{
"db": "PACKETSTORM",
"id": "170242"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "172460"
}
],
"trust": 0.6
},
"cve": "CVE-2022-26716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-26716",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26716",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. WebKit is a fast, open source web browser engine. Apple WebKit has a buffer error vulnerability, which is caused by a boundary error in WebKit\u0027s processing of HTML content. A remote attacker could trick a victim into visiting a specially crafted website, trigger memory corruption, and execute arbitrary code on the targeted system. The following products and versions are affected: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD. macOS Monterey 12.4. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.36.3-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.3-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmKWpRcACgkQAAyEYu0C\n2AK6iA//ZOy1HOqSdnmdwCowbOAWP1GCEDxAV/lftx0i7LXCj6HHXTcH2ElRc9ZL\n3CcZfEeulPV0FuMxyS0m3AApJKtVEkp1uYzXN9OJVZl2GZjjdsQZkIhlRkgTjiOz\ncyL19KuwcdcKBiDBmOknRdOMTAdsRra0/NvMY8xOAiGBCcShvs+uKwzXwZxaUPjC\nWJlm5oek53baFJNzwPHiPaIa3zfDsR/NXq6UxwzTWjtp6DoJPYaoU6J8dw2CGHhH\nrr6wS/tDkWRrXs/8vFQ/QrpBByHVgUOO9gPApaQpysEaKrtHMWBk87JDQ03p8hgw\nVb9IXoPDtKFAgjtu4g/AwLhbWXY4lzw6DJJhoupaYT07tje1iIYADbg0L1jFAixf\n8IXnjWh+vJdHmJX4fopZxoCguJrc5dCBOhn8Pjqqv6uqgcnZ81aBnflw0xwi6W36\n+5DViEFCGU6RQ49q2vGoH+ouP/zBgjqUBb5W1n7koJuRZNZ9kmoMc78UjjDrQZeI\nWZWZ1UllEsqArWebfc0xXe0tXjCVwHIqb0jySqiKgYtRLLRypkWF8wUBmZLiuu5l\n3UwLrxPfXRLOT5RMagI4GoN3RGBdTGzSiN+kHaMqJKVA6dKb1AyBbXoaRiNBGXe4\nMFZUDBp+3HyKrsMegpoTeV9ILHfGMlAWihGwHM9Y2OJG4zODkvM=\n=qgna\n-----END PGP SIGNATURE-----\n. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nSecurity fixes:\n\n* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage\ntakes a long time to parse complex tags\n\nBugs addressed:\n\n* Build Submariner 0.13.3 (ACM-2226)\n* Verify Submariner with OCP 4.12 (ACM-2435)\n* Submariner does not support cluster \"kube-proxy ipvs mode\" (ACM-2821)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3\nACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12\nACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster \"kube-proxy ipvs mode\"\n\n6. Description:\n\nVersion 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. \n\nThis release includes security and bug fixes, and enhancements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update\nAdvisory ID: RHSA-2023:1174-01\nProduct: OpenShift API for Data Protection\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:1174\nIssue date: 2023-03-09\nCVE Names: CVE-2021-46848 CVE-2022-1122 CVE-2022-1304 \n CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 \n CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 \n CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 \n CVE-2022-2879 CVE-2022-2880 CVE-2022-2953 \n CVE-2022-4415 CVE-2022-4883 CVE-2022-22624 \n CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 \n CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 \n CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 \n CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 \n CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 \n CVE-2022-30293 CVE-2022-35737 CVE-2022-40303 \n CVE-2022-40304 CVE-2022-41715 CVE-2022-41717 \n CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 \n CVE-2022-42898 CVE-2022-43680 CVE-2022-44617 \n CVE-2022-46285 CVE-2022-47629 CVE-2022-48303 \n=====================================================================\n\n1. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.2 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: archive/tar: unbounded memory consumption when reading headers\n(CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable\nquery parameters (CVE-2022-2880)\n\n* golang: regexp/syntax: limit memory used by parsing regexps\n(CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go\nserver accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-1056 - DPA fails validation if multiple BSLs have the same provider\nOADP-1150 - Handle docker env config changes in the oadp-operator\nOADP-1217 - update velero + restic to 1.9.5\nOADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed\nOADP-1289 - Restore partially fails with error \"Secrets \\\"deployer-token-rrjqx\\\" not found\"\nOADP-290 - Remove creation/usage of velero-privileged SCC\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-46848\nhttps://access.redhat.com/security/cve/CVE-2022-1122\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-2056\nhttps://access.redhat.com/security/cve/CVE-2022-2057\nhttps://access.redhat.com/security/cve/CVE-2022-2058\nhttps://access.redhat.com/security/cve/CVE-2022-2519\nhttps://access.redhat.com/security/cve/CVE-2022-2520\nhttps://access.redhat.com/security/cve/CVE-2022-2521\nhttps://access.redhat.com/security/cve/CVE-2022-2867\nhttps://access.redhat.com/security/cve/CVE-2022-2868\nhttps://access.redhat.com/security/cve/CVE-2022-2869\nhttps://access.redhat.com/security/cve/CVE-2022-2879\nhttps://access.redhat.com/security/cve/CVE-2022-2880\nhttps://access.redhat.com/security/cve/CVE-2022-2953\nhttps://access.redhat.com/security/cve/CVE-2022-4415\nhttps://access.redhat.com/security/cve/CVE-2022-4883\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-25308\nhttps://access.redhat.com/security/cve/CVE-2022-25309\nhttps://access.redhat.com/security/cve/CVE-2022-25310\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-27404\nhttps://access.redhat.com/security/cve/CVE-2022-27405\nhttps://access.redhat.com/security/cve/CVE-2022-27406\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-35737\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/cve/CVE-2022-41715\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-43680\nhttps://access.redhat.com/security/cve/CVE-2022-44617\nhttps://access.redhat.com/security/cve/CVE-2022-46285\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2022-48303\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIUAwUBZAk/3dzjgjWX9erEAQgKPg/3Ri4q2NpruiiTlkWhpwy+dG0BuwSIKfuL\nkmzLCcLLAQlCsEi31S3qtFbcBl5IK4JAPRMXtN7egvfjbKorCzwPGp/IolN9FJqc\nSEEJ51mMBxLEPWjkuKH2Cad0QrefcaslXzGxJiUw1IngilOxhNFyniDhrr3dUdPo\nhvwuozHmVLVKimJ1GNpX4PWPO5flQ81LnIT2kJdhlQWYDjVZ1SLPvfyxI6WxxVl8\nPceMlXGzhhSJJ0G35jGq5p96JCtwX+75gYwkuYjkPqqIUElfpRKBvrXwt+Ci6baH\nhg8/Jp3Hdm3YitqDjsmysRxUkfv2ufuxIsgWfMYK3duo5mJQJWEVJ5S1C/2TOgPC\nQNhwk2VeWHFVSojudGUH9kqrV3wT+BHK1XReKjV8++yLZIbDy5ywH/dOjbA4RAkh\nvdQVc8xOGqgAsSN3DkjH7LWS86qktibW+Tm+h5c8HyRrOajwKeP67to2GfnRPva5\n1TNAhR0eDqy1HQ/SgE6Hkx1f2sSjfT0dpnEIMZD2+Cmp64bFlm5KoZNXLmUlTmhu\nvtDQtamhHlotPGV8znjMGbxpucpkzvGbTUPF1dQZo7xJP+Z8GedJLStvPhtTvN1T\nJaZ5PvPR9HVmjWOWpxsIll7xwx/wwfclRWH02hZj4eiNhjCnPQFWenAOfNCgus8D\n4jA0TFXFMA==\n=24ND\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.3 General\nAvailability release images, which provide security updates, fix bugs, and\nupdate container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when\nrescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML\nresponses containing multiple Assertion elements\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2129679 - clusters belong to global clusterset is not selected by placement when rescheduling\n2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function\n2139085 - RHACM 2.6.3 images\n2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2132957 - Migration fails at UnQuiesceDestApplications step in OCP 4.12\n2137304 - Location for host cluster is missing in the UI\n2140208 - When editing a MigHook in the UI, the page may fail to reload\n2143628 - Unable to create Storage Class Conversion plan due to missing cronjob error in OCP 4.12\n2143872 - Namespaces page in web console stuck in loading phase\n2149920 - Migration fails at prebackupHooks step\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-1240 - Implement proposed changes for DVM support with PSAs in 4.12\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26716"
},
{
"db": "VULHUB",
"id": "VHN-417385"
},
{
"db": "VULMON",
"id": "CVE-2022-26716"
},
{
"db": "PACKETSTORM",
"id": "169324"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "171310"
},
{
"db": "PACKETSTORM",
"id": "170242"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "169358"
},
{
"db": "PACKETSTORM",
"id": "172460"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-417385",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417385"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26716",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "170956",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170210",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167194",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167185",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169760",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167195",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3516",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-417385",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26716",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169324",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170243",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172460",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417385"
},
{
"db": "VULMON",
"id": "CVE-2022-26716"
},
{
"db": "PACKETSTORM",
"id": "169324"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "171310"
},
{
"db": "PACKETSTORM",
"id": "170242"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "169358"
},
{
"db": "PACKETSTORM",
"id": "172460"
},
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"id": "VAR-202205-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417385"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:39:12.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "Apple: iOS 15.5 and iPadOS 15.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
},
{
"title": "Apple: watchOS 8.6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6bd411659b23f6a36cfd1c59cf69e092"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213253"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213254"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213257"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213258"
},
{
"trust": 1.1,
"url": "https://support.apple.com/en-us/ht213260"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-35737"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-46848"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-43680"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27664"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-2880"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-41715"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4415"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1122"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32189"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://submariner.io/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2601"
},
{
"trust": 0.1,
"url": "https://submariner.io/getting-started/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-48303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2058"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4883"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-44617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41912"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:9040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:9047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41724"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417385"
},
{
"db": "VULMON",
"id": "CVE-2022-26716"
},
{
"db": "PACKETSTORM",
"id": "169324"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "171310"
},
{
"db": "PACKETSTORM",
"id": "170242"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "169358"
},
{
"db": "PACKETSTORM",
"id": "172460"
},
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-417385"
},
{
"db": "VULMON",
"id": "CVE-2022-26716"
},
{
"db": "PACKETSTORM",
"id": "169324"
},
{
"db": "PACKETSTORM",
"id": "171026"
},
{
"db": "PACKETSTORM",
"id": "170956"
},
{
"db": "PACKETSTORM",
"id": "171310"
},
{
"db": "PACKETSTORM",
"id": "170242"
},
{
"db": "PACKETSTORM",
"id": "170243"
},
{
"db": "PACKETSTORM",
"id": "169358"
},
{
"db": "PACKETSTORM",
"id": "172460"
},
{
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-417385"
},
{
"date": "2022-06-28T19:12:00",
"db": "PACKETSTORM",
"id": "169324"
},
{
"date": "2023-02-16T15:45:25",
"db": "PACKETSTORM",
"id": "171026"
},
{
"date": "2023-02-10T15:49:15",
"db": "PACKETSTORM",
"id": "170956"
},
{
"date": "2023-03-09T15:14:10",
"db": "PACKETSTORM",
"id": "171310"
},
{
"date": "2022-12-15T15:34:35",
"db": "PACKETSTORM",
"id": "170242"
},
{
"date": "2022-12-15T15:35:54",
"db": "PACKETSTORM",
"id": "170243"
},
{
"date": "2022-06-28T19:12:00",
"db": "PACKETSTORM",
"id": "169358"
},
{
"date": "2023-05-19T14:41:19",
"db": "PACKETSTORM",
"id": "172460"
},
{
"date": "2022-11-01T20:15:17.443000",
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-417385"
},
{
"date": "2023-08-08T14:21:49.707000",
"db": "NVD",
"id": "CVE-2022-26716"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian Security Advisory 5154-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "169324"
}
],
"trust": 0.1
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.