var-202302-0482
Vulnerability from variot

A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Summary:

The Migration Toolkit for Containers (MTC) 1.7.9 is now available.

Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

==========================================================================
Ubuntu Security Notice USN-6564-1
January 03, 2024

nodejs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Node.js.

Software Description:

  • nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304)

CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215)

David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286)

Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libnode-dev 12.22.9~dfsg-1ubuntu3.3
  libnode72 12.22.9~dfsg-1ubuntu3.3
  nodejs 12.22.9~dfsg-1ubuntu3.3

In general, a standard system update will make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-08

https://security.gentoo.org/

Severity: Normal
Title: OpenSSL: Multiple Vulnerabilities
Date: February 04, 2024
Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560
ID: 202402-08


Synopsis

Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.

Affected packages

Package           Vulnerable  Unaffected
dev-libs/openssl  < 3.0.10    >= 3.0.10

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-3.0.10"

References

[ 1 ] CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358
[ 2 ] CVE-2022-4203 https://nvd.nist.gov/vuln/detail/CVE-2022-4203
[ 3 ] CVE-2022-4304 https://nvd.nist.gov/vuln/detail/CVE-2022-4304
[ 4 ] CVE-2022-4450 https://nvd.nist.gov/vuln/detail/CVE-2022-4450
[ 5 ] CVE-2023-0215 https://nvd.nist.gov/vuln/detail/CVE-2023-0215
[ 6 ] CVE-2023-0216 https://nvd.nist.gov/vuln/detail/CVE-2023-0216
[ 7 ] CVE-2023-0217 https://nvd.nist.gov/vuln/detail/CVE-2023-0217
[ 8 ] CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286
[ 9 ] CVE-2023-0401 https://nvd.nist.gov/vuln/detail/CVE-2023-0401
[ 10 ] CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464
[ 11 ] CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465
[ 12 ] CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466
[ 13 ] CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650
[ 14 ] CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975
[ 15 ] CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446
[ 16 ] CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-08

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203)

  • openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

  • openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)

  • openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

  • openssl: invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)

  • openssl: NULL dereference validating DSA public key (CVE-2023-0217)

  • openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

  • openssl: NULL dereference during PKCS7 data verification (CVE-2023-0401)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode (BZ#2144000)

  • In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 (BZ#2144003)

  • stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake (BZ#2144008)

  • In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator (BZ#2144010)

  • In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator (BZ#2144012)

  • In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator (BZ#2144015)

  • In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 (BZ#2144017)

  • In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator (BZ#2144019)

  • In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator (BZ#2145170)

  • RHEL9.1 Nightly[0912] - error:03000093:digital envelope routines::command not supported when git clone is run with configured ibmca engine backed by libica.so.4 (OpenSSL 3.0) (BZ#2149010)

  • OpenSSL FIPS checksum code needs update (BZ#2158412)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

Bugs fixed (https://bugzilla.redhat.com/):

2144000 - HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode [rhel-9.1.0.z]
2144003 - In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 [rhel-9.1.0.z]
2144006 - FIPS self-test data for RSA-CRT contains incorrect parameters [rhel-9.1.0.z]
2144008 - stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake [rhel-9.1.0.z]
2144010 - In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator [rhel-9.1.0.z]
2144012 - In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator [rhel-9.1.0.z]
2144015 - In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator [rhel-9.1.0.z]
2144017 - In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 [rhel-9.1.0.z]
2144019 - In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator [rhel-9.1.0.z]
2145170 - In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator [rhel-9.1.0.z]
2158412 - OpenSSL FIPS checksum code needs update [rhel-9.1.0.z]
2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
2164488 - CVE-2022-4203 openssl: read buffer overflow in X.509 certificate verification
2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
2164497 - CVE-2023-0216 openssl: invalid pointer dereference in d2i_PKCS7 functions
2164499 - CVE-2023-0217 openssl: NULL dereference validating DSA public key
2164500 - CVE-2023-0401 openssl: NULL dereference during PKCS7 data verification

  1. Package List:

Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20220705.txt and https://www.openssl.org/news/secadv/20230207.txt

For the stable distribution (bullseye), these problems have been fixed in version 1.1.1n-0+deb11u4.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.12.22 bug fix and security update
Advisory ID: RHSA-2023:3615-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3615
Issue date: 2023-06-22
CVE Names: CVE-2021-4235 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0361
=====================================================================

  1. Summary:

Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:3613

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

  • go-yaml: Denial of Service in go-yaml (CVE-2021-4235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

  1. Solution:

For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture) The image digest is sha256:ba7956f5c2aae61c8ff3ab1ab2ee7e625db9b1c8964a65339764db79c148e4e6

(For s390x architecture) The image digest is sha256:36d8c9581c255ea3fb48ee8e3b4acb2e4b408f1c3542b16c55c0637403ef29e7

(For ppc64le architecture) The image digest is sha256:1a3f611d665c1d2b2ddb54d4f54e64c181e59fb57ec97c0578cad42c436a9bbc

(For aarch64 architecture) The image digest is sha256:36fe7b5c69297210f8bc0303a58c019fdc4ca578d0c3340b1bc847c47e87d333

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml

  1. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-13785 - EgressNetworkPolicy DNS resolution does not fall back to TCP for truncated responses
OCPBUGS-14333 - Package openvswitch2.17 conflicts with openvswitch2.15 during the 4.12 to 4.13 upgrade of RHEL worker
OCPBUGS-14454 - CRL configmap is limited by 1MB max, not allowing for multiple public CRLS. (4.12)
OCPBUGS-14455 - mtls CRL not working when using an intermediate CA (4.12)
OCPBUGS-14647 - Errors when running must-gather for 4.12 Rosa/Hypershift cluster
OCPBUGS-14671 - It must be possible to append a piece of FRR configuration to what MetalLB renders
OCPBUGS-14717 - Maximum Number Of Egress IPs Supported
OCPBUGS-14745 - container_network* metrics stop reporting after container restart
OCPBUGS-8673 - [whereabouts-cni] [release-4.12] Backport DualStack and the new reconciler to whereabouts plugin 4.12

  1. References:

https://access.redhat.com/security/cve/CVE-2021-4235
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

(CVE-2022-4304)

A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. (CVE-2023-0215)

A type confusion vulnerability was found in OpenSSL when OpenSSL processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow a malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Bug Fix(es):

  • [backport 4.12] s3 sync directory to a bucket fails with Internal Error in between the upload operation (BZ#2170416)

  • [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)

  • [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442 to 4.12.z (BZ#2174335)

  • [ODF 4.12] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA (BZ#2179978)

  • [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO (BZ#2183198)

Solution:

For instructions on how to install and use OpenShift Serverless, see documentation linked from the References section.

Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2185507 - Release of OpenShift Serverless Serving 1.29.0
2185509 - Release of OpenShift Serverless Eventing 1.29.0

  1. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables
2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv
2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs
2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

Bug Fix(es):

  • [4.12] must-gather doesn't collect ruletebles (BZ#2208641)

  • nft rules are not collected if the VMs are running in the node where must-gather is running (BZ#2214454)

  • [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass (BZ#2217913)

  • USB-redirection regression (BZ#2221222)

Bugs fixed (https://bugzilla.redhat.com/):

2027959 - [RFE] virt-launcher pod of Windows VM stuck in terminating state, no button in the UI to force power off
2182056 - Cloned VM should not use the same PVC of the source VM
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2208641 - [4.12] must-gather doesn't collect ruletebles
2209318 - [4.12.z] VM connected to a VLAN is also receiving packets from VLAN 1
2209848 - OpenShift Virtualization Overview page shows no metrics for "All Projects"
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2214454 - nft rules are not collected if the VMs are running in the node where must-gather is running
2216447 - must-gather: Multiple empty files under vms/ if the VM was live migrated
2216449 - must-gather is using unavailable brctl command
2217913 - [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass
2220843 - [4.12]Missing StorageProfile defaults for IBM and AWS EFS CSI provisioners
2221222 - USB-redirection regression
2222011 - [4.12]DataImportCron Garbage Collection can mistakenly delete latest PVC

  1. JIRA issues fixed (https://issues.jboss.org/):

LOG-3730 - [release-5.5] /var/log/oauth-server/audit.log not being scraped by log collector


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus primary server base",
        "scope": null,
        "trust": 1.6,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.6.3"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.7.34"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.3.16"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "endpoint security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "7.2.40"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.0"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "3.0.8"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.8.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.11.22"
      },
      {
        "model": "sslvpn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.2.1"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.0.0"
      },
      {
        "model": "network security",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "2.7.11"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "3.8.0"
      },
      {
        "model": "network security",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "stormshield",
        "version": "4.4.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2zg"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.1.1t"
      },
      {
        "model": "istorage v10e",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - operations director",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/data highway - server starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - smart device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support starter edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u5f97\u9078\u8857\u30fbgcb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/file transmission server/ftp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus application server-r",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/performance management",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - definitions assistant",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "connexive pf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "connexive application platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi global link manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "\u990a\u6b96\u9b5a\u30b5\u30a4\u30ba\u6e2c\u5b9a\u81ea\u52d5\u5316\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "iot \u5171\u901a\u57fa\u76e4",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "vran",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ix \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "cosminexus http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic job management system 3 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/navigation platform for developers",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec multimedia olap for \u6620\u50cf\u5206\u6790\u30b5\u30fc\u30d3\u30b9",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec ai accelerator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/snmp system observer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/operations analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/data highway - server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/service support",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi tiered storage manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi compute systems manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "esmpro/serveragent",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "istorage v100",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi device manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/base",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/automatic operation",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "nec enhanced speech analysis",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "openssl",
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "webotx sip application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "hitachi replication manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "neoface monitor",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "istorage v300",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      },
      {
        "model": "jp1/it desktop management 2 - manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "jp1/navigation platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "hitachi tuning manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u7acb",
        "version": null
      },
      {
        "model": "spoolserver/reportfiling",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u65e5\u672c\u96fb\u6c17",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "db": "PACKETSTORM",
        "id": "171345"
      }
    ],
    "trust": 1.1
  },
  "cve": "CVE-2022-4304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-4304",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-4304",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-4304",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-4304",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-514",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OAEP and RSASVE. \n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.9 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. ==========================================================================\nUbuntu Security Notice USN-6564-1\nJanuary 03, 2024\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nHubert Kario discovered that Node.js incorrectly handled certain inputs. 
If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2022-4304)\n\nCarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain\ninputs. If a user or an automated system were tricked into opening a specially\ncrafted input file, a remote attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-4450)\n\nOctavio Galland and Marcel B\u00f6hme discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0215)\n\nDavid Benjamin discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2023-0286)\n\nHubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled\ncertain inputs. If a user or an automated system were tricked into opening a\nspecially crafted input file, a remote attacker could possibly use this issue\nto cause a denial of service. (CVE-2023-0401)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n   libnode-dev                     12.22.9~dfsg-1ubuntu3.3\n   libnode72                       12.22.9~dfsg-1ubuntu3.3\n   nodejs                          12.22.9~dfsg-1ubuntu3.3\n\nIn general, a standard system update will make all the necessary changes. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202402-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple Vulnerabilities\n     Date: February 04, 2024\n     Bugs: #876787, #893446, #902779, #903545, #907413, #910556, #911560\n       ID: 202402-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in denial of service. \n\nAffected packages\n=================\n\nPackage           Vulnerable    Unaffected\n----------------  ------------  ------------\ndev-libs/openssl  \u003c 3.0.10      \u003e= 3.0.10\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-3.0.10\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-3358\n      https://nvd.nist.gov/vuln/detail/CVE-2022-3358\n[ 2 ] CVE-2022-4203\n      https://nvd.nist.gov/vuln/detail/CVE-2022-4203\n[ 3 ] CVE-2022-4304\n      https://nvd.nist.gov/vuln/detail/CVE-2022-4304\n[ 4 ] CVE-2022-4450\n      https://nvd.nist.gov/vuln/detail/CVE-2022-4450\n[ 5 ] CVE-2023-0215\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0215\n[ 6 ] CVE-2023-0216\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0216\n[ 7 ] CVE-2023-0217\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0217\n[ 8 ] CVE-2023-0286\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0286\n[ 9 ] CVE-2023-0401\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0401\n[ 10 ] CVE-2023-0464\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0464\n[ 11 ] CVE-2023-0465\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0465\n[ 12 ] CVE-2023-0466\n      https://nvd.nist.gov/vuln/detail/CVE-2023-0466\n[ 13 ] CVE-2023-2650\n      https://nvd.nist.gov/vuln/detail/CVE-2023-2650\n[ 14 ] CVE-2023-2975\n      https://nvd.nist.gov/vuln/detail/CVE-2023-2975\n[ 15 ] CVE-2023-3446\n      https://nvd.nist.gov/vuln/detail/CVE-2023-3446\n[ 16 ] CVE-2023-3817\n      https://nvd.nist.gov/vuln/detail/CVE-2023-3817\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202402-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: read buffer overflow in X.509 certificate verification\n(CVE-2022-4203)\n\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n\n* openssl: invalid pointer dereference in d2i_PKCS7 functions\n(CVE-2023-0216)\n\n* openssl: NULL dereference validating DSA public key (CVE-2023-0217)\n\n* openssl: X.400 address type confusion in X.509 GeneralName\n(CVE-2023-0286)\n\n* openssl: NULL dereference during PKCS7 data verification (CVE-2023-0401)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
\n\nBug Fix(es):\n\n* HMAC generation should reject key lengths \u003c 112 bits or provide an\nindicator in FIPS mode (BZ#2144000)\n\n* In FIPS mode, openssl should set a minimum length for passwords in PBKDF2\n(BZ#2144003)\n\n* stunnel consumes high amount of memory when pestered with TCP connections\nwithout a TLS handshake (BZ#2144008)\n\n* In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or\nprovide an indicator (BZ#2144010)\n\n* In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than\nthe output size of the hash function used, or provide an indicator\n(BZ#2144012)\n\n* In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or\nprovide an indicator (BZ#2144015)\n\n* In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and\nSHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after\n2023-05-16 (BZ#2144017)\n\n* In FIPS mode, openssl should reject KDF input and output key lengths \u003c\n112 bits or provide an indicator (BZ#2144019)\n\n* In FIPS mode, openssl should reject RSA keys \u003c 2048 bits when using\nEVP_PKEY_decapsulate, or provide an indicator (BZ#2145170)\n\n* RHEL9.1 Nightly[0912] - error:03000093:digital envelope routines::command\nnot supported when git clone is run with configured ibmca engine backed by\nlibica.so.4 (OpenSSL 3.0) (BZ#2149010)\n\n* OpenSSL FIPS checksum code needs update (BZ#2158412)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2144000 - HMAC generation should reject key lengths \u003c 112 bits or provide an indicator in FIPS mode [rhel-9.1.0.z]\n2144003 - In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 [rhel-9.1.0.z]\n2144006 - FIPS self-test data for RSA-CRT contains incorrect parameters [rhel-9.1.0.z]\n2144008 - stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake [rhel-9.1.0.z]\n2144010 - In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator [rhel-9.1.0.z]\n2144012 - In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator [rhel-9.1.0.z]\n2144015 - In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator [rhel-9.1.0.z]\n2144017 - In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 [rhel-9.1.0.z]\n2144019 - In FIPS mode, openssl should reject KDF input and output key lengths \u003c 112 bits or provide an indicator [rhel-9.1.0.z]\n2145170 - In FIPS mode, openssl should reject RSA keys \u003c 2048 bits when using EVP_PKEY_decapsulate, or provide an indicator [rhel-9.1.0.z]\n2158412 - OpenSSL FIPS checksum code needs update [rhel-9.1.0.z]\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164488 - CVE-2022-4203 openssl: read buffer overflow in X.509 certificate verification\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2164497 - CVE-2023-0216 openssl: invalid pointer dereference in d2i_PKCS7 functions\n2164499 - CVE-2023-0217 openssl: NULL dereference validating DSA public key\n2164500 - CVE-2023-0401 
openssl: NULL dereference during PKCS7 data verification\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. \n\nAdditional details can be found in the upstream advisories at\nhttps://www.openssl.org/news/secadv/20220705.txt and\nhttps://www.openssl.org/news/secadv/20230207.txt\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.1.1n-0+deb11u4. \n\nWe recommend that you upgrade your openssl packages. \n\nFor the detailed security status of openssl please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.12.22 bug fix and security update\nAdvisory ID:       RHSA-2023:3615-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:3615\nIssue date:        2023-06-22\nCVE Names:         CVE-2021-4235 CVE-2022-4304 CVE-2022-4450 \n                   CVE-2023-0215 CVE-2023-0361 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.12.22 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.12. \n\nRed Hat Product Security has rated this update as having a security impact\nof [impact]. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.12.22. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:3613\n\nSpace precludes documenting all of the container images in this advisory. 
\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\nSecurity Fix(es):\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.12 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. 
\n\nThe sha values for the release are:\n\n(For x86_64 architecture)\nThe image digest is\nsha256:ba7956f5c2aae61c8ff3ab1ab2ee7e625db9b1c8964a65339764db79c148e4e6\n\n(For s390x architecture)\nThe image digest is\nsha256:36d8c9581c255ea3fb48ee8e3b4acb2e4b408f1c3542b16c55c0637403ef29e7\n\n(For ppc64le architecture)\nThe image digest is\nsha256:1a3f611d665c1d2b2ddb54d4f54e64c181e59fb57ec97c0578cad42c436a9bbc\n\n(For aarch64 architecture)\nThe image digest is\nsha256:36fe7b5c69297210f8bc0303a58c019fdc4ca578d0c3340b1bc847c47e87d333\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-13785 - EgressNetworkPolicy DNS resolution does not fall back to TCP for truncated responses\nOCPBUGS-14333 - Package openvswitch2.17 conflicts with openvswitch2.15 during the 4.12 to 4.13 upgrade of RHEL worker\nOCPBUGS-14454 - CRL configmap is limited by 1MB max, not allowing for multiple public CRLS. (4.12)\nOCPBUGS-14455 - mtls CRL not working when using an intermediate CA (4.12)\nOCPBUGS-14647 - Errors when running must-gather for 4.12 Rosa/Hypershift cluster \nOCPBUGS-14671 - It must be possible to append a piece of FRR configuration to what MetalLB renders\nOCPBUGS-14717 - Maximum Number Of Egress IPs Supported\nOCPBUGS-14745 - container_network* metrics stop reporting after container restart\nOCPBUGS-8673 - [whereabouts-cni] [release-4.12] Backport DualStack and the new reconciler to whereabouts plugin 4.12\n\n6. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2022-4304)\nA use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. 
The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. (CVE-2023-0215)\nA type confusion vulnerability was found in OpenSSL when processing X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow a malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network. (CVE-2023-0286). 
\n\nBug Fix(es):\n\n* [backport 4.12] s3 sync directory to a bucket fails with Internal Error\nin between the upload operation (BZ#2170416)\n\n* [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)\n\n* [Backport to 4.12.z] Placeholder bug to backport the odf changes for\nManaged services epic RHSTOR-2442  to 4.12.z (BZ#2174335)\n\n* [ODF 4.12] Missing the status-reporter binary causing pods\n\"report-status-to-provider\" remain in CreateContainerError on ODF to ODF\ncluster on ROSA (BZ#2179978)\n\n* [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2\nnoticed 2 token-exchange-agent pods on managed clusters and one of them on\nCBLO (BZ#2183198)\n\n3. Solution:\n\nFor instructions on how to install and use OpenShift Serverless, see\ndocumentation linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters\n2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption\n2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation\n2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing\n2185507 - Release of OpenShift Serverless Serving 1.29.0\n2185509 - Release of OpenShift Serverless Eventing 1.29.0\n\n5. Description:\n\nRed Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Data Foundation. 
In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2171965 - [4.11 clone] Secrets are used in env variables\n2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv\n2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity\n2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs\n2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on \"openssl\"\n\n5. \n\nBug Fix(es):\n\n* [4.12] must-gather doesn\u0027t collect ruletebles (BZ#2208641)\n\n* nft rules are not collected if the VMs are running in the node where\nmust-gather is running (BZ#2214454)\n\n* [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher\nruntimeclass (BZ#2217913)\n\n* USB-redirection regression (BZ#2221222)\n\n3. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2027959 - [RFE] virt-launcher pod of Windows VM stuck in terminating state, no button in the UI to force power off\n2182056 - Cloned VM should not use the same PVC of the source VM\n2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace\n2208641 - [4.12] must-gather doesn\u0027t collect ruletebles\n2209318 - [4.12.z] VM connected to a VLAN is also receiving packets from VLAN 1\n2209848 - OpenShift Virtualization Overview page shows no metrics for \"All Projects\"\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n2214454 - nft rules are not collected if the VMs are running in the node where must-gather is running\n2216447 - must-gather: Multiple empty files under vms/\u003cvm-name\u003e if the VM was live migrated\n2216449 - must-gather is using unavailable brctl command\n2217913 - [cnv-4.12] kubevirt should allow setting cluster-wide virt-launcher runtimeclass\n2220843 - [4.12]Missing StorageProfile defaults for IBM and AWS EFS CSI provisioners\n2221222 - USB-redirection regression\n2222011 - [4.12]DataImportCron Garbage Collection can mistakenly delete latest PVC\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3730 - [release-5.5] /var/log/oauth-server/audit.log not being scraped by log collector\n\n6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "PACKETSTORM",
        "id": "176985"
      },
      {
        "db": "PACKETSTORM",
        "id": "171345"
      },
      {
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-4304",
        "trust": 4.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-143-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-320-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-075-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-046-15",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-166-11",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-255-01",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-04",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-205-02",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-222-09",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-102-08",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-10",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-06",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-11",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91213144",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99464755",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99836374",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91198149",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99752892",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90056839",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92598492",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98954443",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91676340",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97200253",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3456",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2630",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1351",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3146",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2896",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0732",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2516",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1074",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3438",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4082",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3597",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1878",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3191",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.4026",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2262",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1263",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2395",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0703",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3206",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3115",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1430",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2295",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3631",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1327",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.2465",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "170921",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-4304",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171596",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173895",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172678",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171976",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172460",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172147",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173150",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170896",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171140",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "171345",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176985",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176366",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "db": "PACKETSTORM",
        "id": "171345"
      },
      {
        "db": "PACKETSTORM",
        "id": "176985"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "id": "VAR-202302-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2376099833333333
  },
  "last_update_date": "2024-11-25T20:42:02.010000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "hitachi-sec-2023-135 Software product security information",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "title": "OpenSSL Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224159"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-4304"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2023-1683",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2023-1683"
      },
      {
        "title": "Debian Security Advisories: DSA-5343-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b6a11b827fe9cfaea9c113b2ad37856f"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1935",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1935"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1934",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1934"
      },
      {
        "title": "Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3092389eb9f034e4b8387a75a5ae33f8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2022-4304 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-203",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
      },
      {
        "trust": 1.8,
        "url": "https://www.openssl.org/news/secadv/20230207.txt"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-4304"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
      },
      {
        "trust": 1.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-0215"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202402-08"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/security/cve/cve-2022-4450"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2023-0286"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91213144/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99752892/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91676340/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99464755/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95292697/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90056839/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97200253/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92598492/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98954443/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91198149/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99836374/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-02"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2395"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2295"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2896"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3206"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1263"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2630"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0703"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3438"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1878"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1074"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2262"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/170921/openssl-toolkit-3.0.8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3191"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4082"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3115"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3456"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1351"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.4026"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-4304/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1430"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2465"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3631"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3597"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0732"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1327"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.2516"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2023-23916"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0401"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41717"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-4415"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41724"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-41725"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4203"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0217"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0216"
      },
      {
        "trust": 0.2,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41717"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0767"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0767"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41723"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-41723"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40897"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10735"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-45061"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28861"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-48303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41724"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-25173"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41725"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-4203"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0216"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0401"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2023-0217"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-4304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2023-1683.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1310"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2828"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24736"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4421"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-2828"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40186"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40186"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21967"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21939"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21939"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21937"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21954"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21938"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21930"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24538"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-27535"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3455"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21968"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24534"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-21937"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-24536"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-41715"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-35737"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-47629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-46848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40304"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-40303"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32189"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27664"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-25173"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-28617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:2107"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3615"
      },
      {
        "trust": 0.1,
        "url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:3613"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-4235"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20220705.txt"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/openssl"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0946"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:1199"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0466"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0464"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3358"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3817"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3446"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0465"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2650"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6564-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.3"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "db": "PACKETSTORM",
        "id": "171345"
      },
      {
        "db": "PACKETSTORM",
        "id": "176985"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "db": "PACKETSTORM",
        "id": "171345"
      },
      {
        "db": "PACKETSTORM",
        "id": "176985"
      },
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2023-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2023-03-30T17:30:33",
        "db": "PACKETSTORM",
        "id": "171596"
      },
      {
        "date": "2023-08-02T15:35:34",
        "db": "PACKETSTORM",
        "id": "173895"
      },
      {
        "date": "2023-04-26T15:28:12",
        "db": "PACKETSTORM",
        "id": "172045"
      },
      {
        "date": "2023-06-06T16:34:53",
        "db": "PACKETSTORM",
        "id": "172741"
      },
      {
        "date": "2023-06-01T14:43:05",
        "db": "PACKETSTORM",
        "id": "172678"
      },
      {
        "date": "2023-04-24T14:50:18",
        "db": "PACKETSTORM",
        "id": "171976"
      },
      {
        "date": "2023-05-19T14:41:19",
        "db": "PACKETSTORM",
        "id": "172460"
      },
      {
        "date": "2023-05-04T14:45:01",
        "db": "PACKETSTORM",
        "id": "172147"
      },
      {
        "date": "2023-06-27T15:21:05",
        "db": "PACKETSTORM",
        "id": "173150"
      },
      {
        "date": "2023-02-08T15:58:04",
        "db": "PACKETSTORM",
        "id": "170896"
      },
      {
        "date": "2023-02-28T16:00:26",
        "db": "PACKETSTORM",
        "id": "171140"
      },
      {
        "date": "2023-03-15T14:35:15",
        "db": "PACKETSTORM",
        "id": "171345"
      },
      {
        "date": "2024-02-05T15:20:51",
        "db": "PACKETSTORM",
        "id": "176985"
      },
      {
        "date": "2024-01-03T14:50:24",
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "date": "2023-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "date": "2023-02-08T20:15:23.887000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-4304"
      },
      {
        "date": "2024-11-14T01:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      },
      {
        "date": "2023-07-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      },
      {
        "date": "2024-02-04T09:15:08.627000",
        "db": "NVD",
        "id": "CVE-2022-4304"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "176366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL\u00a0 side-channel vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-003736"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-514"
      }
    ],
    "trust": 0.6
  }
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.