Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-40674 (GCVE-0-2022-40674)
Vulnerability from cvelistv5 – Published: 2022-09-14 00:00 – Updated: 2025-05-30 19:18
VLAI
EPSS
Summary
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/pull/629 | |
| https://github.com/libexpat/libexpat/pull/640 | |
| https://www.debian.org/security/2022/dsa-5236 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2022102… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202211-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/629"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/640"
},
{
"name": "DSA-5236",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5236"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"name": "FEDORA-2022-15ec504440",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/"
},
{
"name": "FEDORA-2022-c68d90efc3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
},
{
"name": "GLSA-202211-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:17:58.194138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:18:52.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/629"
},
{
"url": "https://github.com/libexpat/libexpat/pull/640"
},
{
"name": "DSA-5236",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5236"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"name": "FEDORA-2022-15ec504440",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/"
},
{
"name": "FEDORA-2022-c68d90efc3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
},
{
"name": "GLSA-202211-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40674",
"datePublished": "2022-09-14T00:00:00.000Z",
"dateReserved": "2022-09-14T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:18:52.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-40674",
"date": "2026-06-20",
"epss": "0.01628",
"percentile": "0.73076"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.9\", \"matchCriteriaId\": \"FA91481F-5F79-4934-807C-6F480F2D4A3D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\"}, {\"lang\": \"es\", \"value\": \"libexpat versiones anteriores a 2.4.9, presenta un uso de memoria previamente liberada en la funci\\u00f3n doContent en el archivo xmlparse.c\"}]",
"id": "CVE-2022-40674",
"lastModified": "2024-11-21T07:21:49.660",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
"published": "2022-09-14T11:15:54.020",
"references": "[{\"url\": \"https://github.com/libexpat/libexpat/pull/629\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/640\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-06\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221028-0008/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5236\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221028-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5236\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-40674\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-14T11:15:54.020\",\"lastModified\":\"2025-05-30T20:15:30.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\"},{\"lang\":\"es\",\"value\":\"libexpat versiones anteriores a 2.4.9, presenta un uso de memoria previamente liberada en la funci\u00f3n doContent en el archivo xmlparse.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.9\",\"matchCriteriaId\":\"FA91481F-5F79-4934-807C-6F480F2D4A3D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/pull/629\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/640\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221028-0008/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5236\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202211-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221028-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/pull/629\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/640\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5236\", \"name\": \"DSA-5236\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\", \"name\": \"[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"name\": \"GLSA-202209-24\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\", \"name\": \"FEDORA-2022-15ec504440\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\", \"name\": \"FEDORA-2022-c68d90efc3\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221028-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\", \"name\": \"FEDORA-2022-d93b3bd8b9\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\", \"name\": \"FEDORA-2022-c22feb71ba\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\", \"name\": \"FEDORA-2022-dcb1d7bcb1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-06\", \"name\": \"GLSA-202211-06\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:21:46.545Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40674\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T19:17:58.194138Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T19:17:27.526Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/pull/629\"}, {\"url\": \"https://github.com/libexpat/libexpat/pull/640\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5236\", \"name\": \"DSA-5236\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html\", \"name\": \"[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"name\": \"GLSA-202209-24\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/\", \"name\": \"FEDORA-2022-15ec504440\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/\", \"name\": \"FEDORA-2022-c68d90efc3\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221028-0008/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/\", \"name\": \"FEDORA-2022-d93b3bd8b9\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/\", \"name\": \"FEDORA-2022-c22feb71ba\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/\", \"name\": \"FEDORA-2022-dcb1d7bcb1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202211-06\", \"name\": \"GLSA-202211-06\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-11-22T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-40674\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T19:18:52.952Z\", \"dateReserved\": \"2022-09-14T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-09-14T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2022:3466-1
Vulnerability from csaf_suse - Published: 2022-09-29 09:43 - Updated: 2022-09-29 09:43Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
Patchnames: SUSE-2022-3466,SUSE-OpenStack-Cloud-9-2022-3466,SUSE-OpenStack-Cloud-Crowbar-9-2022-3466,SUSE-SLE-SAP-12-SP4-2022-3466,SUSE-SLE-SDK-12-SP5-2022-3466,SUSE-SLE-SERVER-12-SP2-BCL-2022-3466,SUSE-SLE-SERVER-12-SP3-BCL-2022-3466,SUSE-SLE-SERVER-12-SP4-LTSS-2022-3466,SUSE-SLE-SERVER-12-SP5-2022-3466
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:expat-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libexpat1-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:libexpat1-32bit-2.1.0-21.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3466,SUSE-OpenStack-Cloud-9-2022-3466,SUSE-OpenStack-Cloud-Crowbar-9-2022-3466,SUSE-SLE-SAP-12-SP4-2022-3466,SUSE-SLE-SDK-12-SP5-2022-3466,SUSE-SLE-SERVER-12-SP2-BCL-2022-3466,SUSE-SLE-SERVER-12-SP3-BCL-2022-3466,SUSE-SLE-SERVER-12-SP4-LTSS-2022-3466,SUSE-SLE-SERVER-12-SP5-2022-3466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3466-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3466-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223466-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3466-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012447.html"
},
{
"category": "self",
"summary": "SUSE Bug 1203438",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40674 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40674/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2022-09-29T09:43:37Z",
"generator": {
"date": "2022-09-29T09:43:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3466-1",
"initial_release_date": "2022-09-29T09:43:37Z",
"revision_history": [
{
"date": "2022-09-29T09:43:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.aarch64",
"product": {
"name": "expat-2.1.0-21.25.1.aarch64",
"product_id": "expat-2.1.0-21.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.aarch64",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.aarch64",
"product_id": "libexpat-devel-2.1.0-21.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.aarch64",
"product": {
"name": "libexpat1-2.1.0-21.25.1.aarch64",
"product_id": "libexpat1-2.1.0-21.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-64bit-2.1.0-21.25.1.aarch64_ilp32",
"product": {
"name": "libexpat-devel-64bit-2.1.0-21.25.1.aarch64_ilp32",
"product_id": "libexpat-devel-64bit-2.1.0-21.25.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libexpat1-64bit-2.1.0-21.25.1.aarch64_ilp32",
"product": {
"name": "libexpat1-64bit-2.1.0-21.25.1.aarch64_ilp32",
"product_id": "libexpat1-64bit-2.1.0-21.25.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.i586",
"product": {
"name": "expat-2.1.0-21.25.1.i586",
"product_id": "expat-2.1.0-21.25.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.i586",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.i586",
"product_id": "libexpat-devel-2.1.0-21.25.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.i586",
"product": {
"name": "libexpat1-2.1.0-21.25.1.i586",
"product_id": "libexpat1-2.1.0-21.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.ppc64le",
"product": {
"name": "expat-2.1.0-21.25.1.ppc64le",
"product_id": "expat-2.1.0-21.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.ppc64le",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.ppc64le",
"product_id": "libexpat-devel-2.1.0-21.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.ppc64le",
"product": {
"name": "libexpat1-2.1.0-21.25.1.ppc64le",
"product_id": "libexpat1-2.1.0-21.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.s390",
"product": {
"name": "expat-2.1.0-21.25.1.s390",
"product_id": "expat-2.1.0-21.25.1.s390"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.s390",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.s390",
"product_id": "libexpat-devel-2.1.0-21.25.1.s390"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.s390",
"product": {
"name": "libexpat1-2.1.0-21.25.1.s390",
"product_id": "libexpat1-2.1.0-21.25.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.s390x",
"product": {
"name": "expat-2.1.0-21.25.1.s390x",
"product_id": "expat-2.1.0-21.25.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.s390x",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.s390x",
"product_id": "libexpat-devel-2.1.0-21.25.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.1.0-21.25.1.s390x",
"product": {
"name": "libexpat-devel-32bit-2.1.0-21.25.1.s390x",
"product_id": "libexpat-devel-32bit-2.1.0-21.25.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.s390x",
"product": {
"name": "libexpat1-2.1.0-21.25.1.s390x",
"product_id": "libexpat1-2.1.0-21.25.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.1.0-21.25.1.s390x",
"product": {
"name": "libexpat1-32bit-2.1.0-21.25.1.s390x",
"product_id": "libexpat1-32bit-2.1.0-21.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.1.0-21.25.1.x86_64",
"product": {
"name": "expat-2.1.0-21.25.1.x86_64",
"product_id": "expat-2.1.0-21.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.1.0-21.25.1.x86_64",
"product": {
"name": "libexpat-devel-2.1.0-21.25.1.x86_64",
"product_id": "libexpat-devel-2.1.0-21.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.1.0-21.25.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.1.0-21.25.1.x86_64",
"product_id": "libexpat-devel-32bit-2.1.0-21.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.1.0-21.25.1.x86_64",
"product": {
"name": "libexpat1-2.1.0-21.25.1.x86_64",
"product_id": "libexpat1-2.1.0-21.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"product_id": "libexpat1-32bit-2.1.0-21.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.ppc64le"
},
"product_reference": "expat-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.ppc64le"
},
"product_reference": "libexpat1-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.aarch64"
},
"product_reference": "libexpat-devel-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.ppc64le"
},
"product_reference": "libexpat-devel-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat-devel-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat-devel-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.aarch64"
},
"product_reference": "expat-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.ppc64le"
},
"product_reference": "expat-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.s390x"
},
"product_reference": "expat-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.aarch64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.ppc64le"
},
"product_reference": "libexpat1-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.aarch64"
},
"product_reference": "expat-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.ppc64le"
},
"product_reference": "expat-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.s390x"
},
"product_reference": "expat-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.aarch64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le"
},
"product_reference": "libexpat1-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.aarch64"
},
"product_reference": "expat-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.ppc64le"
},
"product_reference": "expat-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.s390x"
},
"product_reference": "expat-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.x86_64"
},
"product_reference": "expat-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.aarch64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le"
},
"product_reference": "libexpat1-2.1.0-21.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.1.0-21.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.1.0-21.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40674"
}
],
"notes": [
{
"category": "general",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-32bit-2.1.0-21.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40674",
"url": "https://www.suse.com/security/cve/CVE-2022-40674"
},
{
"category": "external",
"summary": "SUSE Bug 1203438 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "external",
"summary": "SUSE Bug 1204099 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204099"
},
{
"category": "external",
"summary": "SUSE Bug 1204177 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204177"
},
{
"category": "external",
"summary": "SUSE Bug 1204509 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204509"
},
{
"category": "external",
"summary": "SUSE Bug 1205077 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205077"
},
{
"category": "external",
"summary": "SUSE Bug 1205285 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205285"
},
{
"category": "external",
"summary": "SUSE Bug 1205527 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205527"
},
{
"category": "external",
"summary": "SUSE Bug 1205598 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205598"
},
{
"category": "external",
"summary": "SUSE Bug 1208339 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208339"
},
{
"category": "external",
"summary": "SUSE Bug 1208753 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-32bit-2.1.0-21.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:expat-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libexpat-devel-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud 9:libexpat1-32bit-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:expat-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-2.1.0-21.25.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:libexpat1-32bit-2.1.0-21.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-29T09:43:37Z",
"details": "important"
}
],
"title": "CVE-2022-40674"
}
]
}
SUSE-SU-2022:3489-1
Vulnerability from csaf_suse - Published: 2022-10-01 11:35 - Updated: 2022-10-01 11:35Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
Patchnames: SUSE-2022-3489,SUSE-SLE-Micro-5.3-2022-3489,SUSE-SLE-Module-Basesystem-15-SP4-2022-3489,openSUSE-SLE-15.4-2022-3489
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3489,SUSE-SLE-Micro-5.3-2022-3489,SUSE-SLE-Module-Basesystem-15-SP4-2022-3489,openSUSE-SLE-15.4-2022-3489",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3489-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3489-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223489-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3489-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012469.html"
},
{
"category": "self",
"summary": "SUSE Bug 1203438",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40674 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40674/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2022-10-01T11:35:30Z",
"generator": {
"date": "2022-10-01T11:35:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3489-1",
"initial_release_date": "2022-10-01T11:35:30Z",
"revision_history": [
{
"date": "2022-10-01T11:35:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.9.1.aarch64",
"product": {
"name": "expat-2.4.4-150400.3.9.1.aarch64",
"product_id": "expat-2.4.4-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"product_id": "libexpat-devel-2.4.4-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.9.1.aarch64",
"product": {
"name": "libexpat1-2.4.4-150400.3.9.1.aarch64",
"product_id": "libexpat1-2.4.4-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-64bit-2.4.4-150400.3.9.1.aarch64_ilp32",
"product": {
"name": "libexpat-devel-64bit-2.4.4-150400.3.9.1.aarch64_ilp32",
"product_id": "libexpat-devel-64bit-2.4.4-150400.3.9.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libexpat1-64bit-2.4.4-150400.3.9.1.aarch64_ilp32",
"product": {
"name": "libexpat1-64bit-2.4.4-150400.3.9.1.aarch64_ilp32",
"product_id": "libexpat1-64bit-2.4.4-150400.3.9.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.9.1.i586",
"product": {
"name": "expat-2.4.4-150400.3.9.1.i586",
"product_id": "expat-2.4.4-150400.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.9.1.i586",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.i586",
"product_id": "libexpat-devel-2.4.4-150400.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.9.1.i586",
"product": {
"name": "libexpat1-2.4.4-150400.3.9.1.i586",
"product_id": "libexpat1-2.4.4-150400.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.9.1.ppc64le",
"product": {
"name": "expat-2.4.4-150400.3.9.1.ppc64le",
"product_id": "expat-2.4.4-150400.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"product_id": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.9.1.ppc64le",
"product": {
"name": "libexpat1-2.4.4-150400.3.9.1.ppc64le",
"product_id": "libexpat1-2.4.4-150400.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.9.1.s390x",
"product": {
"name": "expat-2.4.4-150400.3.9.1.s390x",
"product_id": "expat-2.4.4-150400.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.9.1.s390x",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.s390x",
"product_id": "libexpat-devel-2.4.4-150400.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.9.1.s390x",
"product": {
"name": "libexpat1-2.4.4-150400.3.9.1.s390x",
"product_id": "libexpat1-2.4.4-150400.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.9.1.x86_64",
"product": {
"name": "expat-2.4.4-150400.3.9.1.x86_64",
"product_id": "expat-2.4.4-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"product_id": "libexpat-devel-2.4.4-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"product_id": "libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.9.1.x86_64",
"product": {
"name": "libexpat1-2.4.4-150400.3.9.1.x86_64",
"product_id": "libexpat1-2.4.4-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"product_id": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "expat-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "expat-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "expat-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "expat-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "expat-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "expat-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "expat-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.4-150400.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "expat-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.4-150400.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.aarch64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.ppc64le"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.s390x"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat1-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40674"
}
],
"notes": [
{
"category": "general",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40674",
"url": "https://www.suse.com/security/cve/CVE-2022-40674"
},
{
"category": "external",
"summary": "SUSE Bug 1203438 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "external",
"summary": "SUSE Bug 1204099 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204099"
},
{
"category": "external",
"summary": "SUSE Bug 1204177 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204177"
},
{
"category": "external",
"summary": "SUSE Bug 1204509 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204509"
},
{
"category": "external",
"summary": "SUSE Bug 1205077 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205077"
},
{
"category": "external",
"summary": "SUSE Bug 1205285 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205285"
},
{
"category": "external",
"summary": "SUSE Bug 1205527 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205527"
},
{
"category": "external",
"summary": "SUSE Bug 1205598 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205598"
},
{
"category": "external",
"summary": "SUSE Bug 1208339 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208339"
},
{
"category": "external",
"summary": "SUSE Bug 1208753 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:expat-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:expat-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat-devel-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat-devel-32bit-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.aarch64",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.ppc64le",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.s390x",
"openSUSE Leap 15.4:libexpat1-2.4.4-150400.3.9.1.x86_64",
"openSUSE Leap 15.4:libexpat1-32bit-2.4.4-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-01T11:35:30Z",
"details": "important"
}
],
"title": "CVE-2022-40674"
}
]
}
SUSE-SU-2022:3597-1
Vulnerability from csaf_suse - Published: 2022-10-17 11:13 - Updated: 2022-10-17 11:13Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
Patchnames: SUSE-2022-3597,SUSE-SLE-Module-Basesystem-15-SP3-2022-3597,SUSE-SLE-Product-HPC-15-2022-3597,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3597,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3597,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3597,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3597,SUSE-SLE-Product-SLES-15-2022-3597,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3597,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3597,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3597,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3597,SUSE-SLE-Product-SLES_SAP-15-2022-3597,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3597,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3597,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3597,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3597,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3597,SUSE-SUSE-MicroOS-5.1-2022-3597,SUSE-SUSE-MicroOS-5.2-2022-3597,SUSE-Storage-6-2022-3597,SUSE-Storage-7-2022-3597,openSUSE-Leap-Micro-5.2-2022-3597,openSUSE-SLE-15.3-2022-3597
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
177 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3597,SUSE-SLE-Module-Basesystem-15-SP3-2022-3597,SUSE-SLE-Product-HPC-15-2022-3597,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3597,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3597,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3597,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3597,SUSE-SLE-Product-SLES-15-2022-3597,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3597,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3597,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3597,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3597,SUSE-SLE-Product-SLES_SAP-15-2022-3597,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3597,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3597,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3597,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3597,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3597,SUSE-SUSE-MicroOS-5.1-2022-3597,SUSE-SUSE-MicroOS-5.2-2022-3597,SUSE-Storage-6-2022-3597,SUSE-Storage-7-2022-3597,openSUSE-Leap-Micro-5.2-2022-3597,openSUSE-SLE-15.3-2022-3597",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3597-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3597-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223597-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3597-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012544.html"
},
{
"category": "self",
"summary": "SUSE Bug 1203438",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40674 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40674/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2022-10-17T11:13:29Z",
"generator": {
"date": "2022-10-17T11:13:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3597-1",
"initial_release_date": "2022-10-17T11:13:29Z",
"revision_history": [
{
"date": "2022-10-17T11:13:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-150000.3.22.1.aarch64",
"product": {
"name": "expat-2.2.5-150000.3.22.1.aarch64",
"product_id": "expat-2.2.5-150000.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"product": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"product_id": "libexpat-devel-2.2.5-150000.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"product": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"product_id": "libexpat1-2.2.5-150000.3.22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-64bit-2.2.5-150000.3.22.1.aarch64_ilp32",
"product": {
"name": "libexpat-devel-64bit-2.2.5-150000.3.22.1.aarch64_ilp32",
"product_id": "libexpat-devel-64bit-2.2.5-150000.3.22.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libexpat1-64bit-2.2.5-150000.3.22.1.aarch64_ilp32",
"product": {
"name": "libexpat1-64bit-2.2.5-150000.3.22.1.aarch64_ilp32",
"product_id": "libexpat1-64bit-2.2.5-150000.3.22.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-150000.3.22.1.i586",
"product": {
"name": "expat-2.2.5-150000.3.22.1.i586",
"product_id": "expat-2.2.5-150000.3.22.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-150000.3.22.1.i586",
"product": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.i586",
"product_id": "libexpat-devel-2.2.5-150000.3.22.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-150000.3.22.1.i586",
"product": {
"name": "libexpat1-2.2.5-150000.3.22.1.i586",
"product_id": "libexpat1-2.2.5-150000.3.22.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-150000.3.22.1.ppc64le",
"product": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le",
"product_id": "expat-2.2.5-150000.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"product": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"product_id": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"product": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"product_id": "libexpat1-2.2.5-150000.3.22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-150000.3.22.1.s390x",
"product": {
"name": "expat-2.2.5-150000.3.22.1.s390x",
"product_id": "expat-2.2.5-150000.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"product": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"product_id": "libexpat-devel-2.2.5-150000.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-150000.3.22.1.s390x",
"product": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x",
"product_id": "libexpat1-2.2.5-150000.3.22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-150000.3.22.1.x86_64",
"product": {
"name": "expat-2.2.5-150000.3.22.1.x86_64",
"product_id": "expat-2.2.5-150000.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"product": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"product_id": "libexpat-devel-2.2.5-150000.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"product_id": "libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"product": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"product_id": "libexpat1-2.2.5-150000.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"product_id": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "expat-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "expat-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "expat-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.s390x"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40674"
}
],
"notes": [
{
"category": "general",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40674",
"url": "https://www.suse.com/security/cve/CVE-2022-40674"
},
{
"category": "external",
"summary": "SUSE Bug 1203438 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1203438"
},
{
"category": "external",
"summary": "SUSE Bug 1204099 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204099"
},
{
"category": "external",
"summary": "SUSE Bug 1204177 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204177"
},
{
"category": "external",
"summary": "SUSE Bug 1204509 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1204509"
},
{
"category": "external",
"summary": "SUSE Bug 1205077 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205077"
},
{
"category": "external",
"summary": "SUSE Bug 1205285 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205285"
},
{
"category": "external",
"summary": "SUSE Bug 1205527 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205527"
},
{
"category": "external",
"summary": "SUSE Bug 1205598 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1205598"
},
{
"category": "external",
"summary": "SUSE Bug 1208339 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208339"
},
{
"category": "external",
"summary": "SUSE Bug 1208753 for CVE-2022-40674",
"url": "https://bugzilla.suse.com/1208753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 6:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 6:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Enterprise Storage 7:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Enterprise Storage 7:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Proxy 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:expat-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.s390x",
"SUSE Manager Server 4.1:libexpat1-2.2.5-150000.3.22.1.x86_64",
"SUSE Manager Server 4.1:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-150000.3.22.1.x86_64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.aarch64",
"openSUSE Leap Micro 5.2:libexpat1-2.2.5-150000.3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-17T11:13:29Z",
"details": "important"
}
],
"title": "CVE-2022-40674"
}
]
}
VDE-2022-058
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-12-13 07:00 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities
Notes
Summary: Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. An attacker could cause a program to crash, use unexpected values or execute code by exploiting these use-after-free vulnerabilities.
Profinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).
Impact: Availability, integrity, or confidentiality of a device using the PROFINET Controller Stack mightbe compromised by attacks exploit these vulnerabilities.
Depending on the instantiation and timing of the defect, using previously freed memory might result in a variety of negative effects, from the corruption of valid data to the execution of arbitrary code. In the default installation a vulnerable libexpat is present, but it may have been replaced in the toolchain itself.
Mitigation: We strongly recommend customers to ensure that only data from reliable sources is used. Affected customers should also check if vulnerable libexpat library versions are used in the specific configuration tool chain.
For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Remediation: Update configuration tool chains to libexpat library version 2.4.9.
Upgrade to PROFINET SDK 6.7 .
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PROFINET SDK 6.7
Phoenix Contact / Software / PROFINET SDK
|
1175941
|
6.7 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PROFINET SDK <=6.6
Phoenix Contact / Software / PROFINET SDK
|
1175941
|
<=6.6 |
Mitigation
Vendor Fix
|
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PROFINET SDK 6.7
Phoenix Contact / Software / PROFINET SDK
|
1175941
|
6.7 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
PROFINET SDK <=6.6
Phoenix Contact / Software / PROFINET SDK
|
1175941
|
<=6.6 |
Mitigation
Vendor Fix
|
References
4 references
Acknowledgments
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Two vulnerabilities have been discovered in the Expat XML parser library (aka libexpat). This open-source component is widely used in a lot of products worldwide. An attacker could cause a program to crash, use unexpected values or execute code by exploiting these use-after-free vulnerabilities.\nProfinet SDK is using XML parser library Expat as reference solution for loading the XML based Profinet network configuration files (IPPNIO or TIC).",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of a device using the PROFINET Controller Stack mightbe compromised by attacks exploit these vulnerabilities.\nDepending on the instantiation and timing of the defect, using previously freed memory might result in a variety of negative effects, from the corruption of valid data to the execution of arbitrary code. In the default installation a vulnerable libexpat is present, but it may have been replaced in the toolchain itself.",
"title": "Impact"
},
{
"category": "description",
"text": "We strongly recommend customers to ensure that only data from reliable sources is used. Affected customers should also check if vulnerable libexpat library versions are used in the specific configuration tool chain.\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update configuration tool chains to libexpat library version 2.4.9.\nUpgrade to PROFINET SDK 6.7 .",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT PSIRT ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-058: PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-058/"
},
{
"category": "self",
"summary": "VDE-2022-058: PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-058.json"
}
],
"title": "PHOENIX CONTACT: Profinet SDK libexpat vulnerabilities",
"tracking": {
"aliases": [
"VDE-2022-058"
],
"current_release_date": "2025-05-14T13:00:15.000Z",
"generator": {
"date": "2025-04-09T08:01:04.673Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-058",
"initial_release_date": "2022-12-13T07:00:00.000Z",
"revision_history": [
{
"date": "2022-12-13T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:15.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=6.6",
"product": {
"name": "PROFINET SDK \u003c=6.6",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"1175941"
]
}
}
},
{
"category": "product_version",
"name": "6.7",
"product": {
"name": "PROFINET SDK 6.7",
"product_id": "CSAFPID-52001",
"product_identification_helper": {
"model_numbers": [
"1175941"
]
}
}
}
],
"category": "product_name",
"name": "PROFINET SDK"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to ensure that only data from reliable sources is used. Affected customers should also check if vulnerable libexpat library versions are used in the specific configuration tool chain.\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Update configuration tool chains to libexpat library version 2.4.9.\nUpgrade to PROFINET SDK 6.7 .",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to ensure that only data from reliable sources is used. Affected customers should also check if vulnerable libexpat library versions are used in the specific configuration tool chain.\nFor detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Update configuration tool chains to libexpat library version 2.4.9.\nUpgrade to PROFINET SDK 6.7 .",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2022-43680"
}
]
}
VDE-2023-001
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2023-02-14 07:50 - Updated: 2025-06-05 13:28Summary
PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware
Notes
Summary: A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.
In addition, the following improvements have been implemented:
HMI
- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.
WBM
- Umlauts in the password of the 'User Manager' were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.
User Manager
- In security notifications 'SecurityToken' was always displayed as '0000000' when creating or modifying users.- Hardening of Trust and Identity Stores.
Impact: Please consult the CVE entries listed above.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Remediation: Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
CWE-20 - Improper Input Validation
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is an open source, scalable, distributed revision control system. 'git shell' is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an 'int' to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to 'execv()', it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to 'git shell' as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling 'git shell' access via remote logins is a viable short-term workaround.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's '$GIT_DIR/objects' directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via '--no-hardlinks'). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the '--recurse-submodules' option. Git does not create symbolic links in the '$GIT_DIR/objects' directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the '--local' optimization when on a shared machine, either by passing the '--no-local' option to 'git clone' or cloning from a URL that uses the 'file://' scheme. Alternatively, avoid cloning repositories from untrusted sources with '--recurse-submodules' or run 'git config --global protocol.file.allow user'.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
6.6 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
5.9 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A malicious server can serve excessive amounts of 'Set-Cookie:' headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on 'foo.example.com' can set cookies that also would match for 'bar.example.com', making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.\nIn addition, the following improvements\u00a0have been implemented:\nHMI\n- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.\nWBM\n- Umlauts in the password of the \u0027User Manager\u0027 were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.\nUser Manager\n- In security notifications \u0027SecurityToken\u0027 was always displayed as \u00270000000\u0027 when creating or modifying users.- Hardening of Trust and Identity Stores.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVE entries listed above.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-001/"
},
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-001.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2023-001"
],
"current_release_date": "2025-06-05T13:28:12.000Z",
"generator": {
"date": "2025-05-08T11:33:36.410Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2023-001",
"initial_release_date": "2023-02-14T07:50:00.000Z",
"revision_history": [
{
"date": "2023-02-14T07:50:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-06-05T13:28:12.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2023.0.0 LTS",
"product": {
"name": "Firmware \u003c2023.0.0 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2023.0.0 LTS",
"product": {
"name": "Firmware 2023.0.0 LTS",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30065",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "A use-after-free in Busybox 1.35-x\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-30065"
},
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-35252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-1664",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1664"
},
{
"cve": "CVE-2022-1304",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1304"
},
{
"cve": "CVE-2022-29187",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "description",
"text": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-29187"
},
{
"cve": "CVE-2022-39260",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. \u0027git shell\u0027 is a restricted login shell that can be used to implement Git\u0027s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an \u0027int\u0027 to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to \u0027execv()\u0027, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to \u0027git shell\u0027 as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling \u0027git shell\u0027 access via remote logins is a viable short-term workaround.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39260"
},
{
"cve": "CVE-2022-39253",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source\u0027s \u0027$GIT_DIR/objects\u0027 directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via \u0027--no-hardlinks\u0027). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim\u0027s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the \u0027--recurse-submodules\u0027 option. Git does not create symbolic links in the \u0027$GIT_DIR/objects\u0027 directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the \u0027--local\u0027 optimization when on a shared machine, either by passing the \u0027--no-local\u0027 option to \u0027git clone\u0027 or cloning from a URL that uses the \u0027file://\u0027 scheme. Alternatively, avoid cloning repositories from untrusted sources with \u0027--recurse-submodules\u0027 or run \u0027git config --global protocol.file.allow user\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2022-42915",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-2509",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2509"
},
{
"cve": "CVE-2021-46828",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-46828"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-1015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1015"
},
{
"cve": "CVE-2022-1016",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \u0027return\u0027 with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1016"
},
{
"cve": "CVE-2022-1348",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1348"
},
{
"cve": "CVE-2022-2097",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-42919",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2002-20001",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2002-20001"
},
{
"cve": "CVE-2022-40617",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40617"
},
{
"cve": "CVE-2022-43995",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43995"
},
{
"cve": "CVE-2022-2522",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2522"
},
{
"cve": "CVE-2022-2571",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2571"
},
{
"cve": "CVE-2022-2580",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2580"
},
{
"cve": "CVE-2022-2581",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2581"
},
{
"cve": "CVE-2022-2598",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2598"
},
{
"cve": "CVE-2022-3234",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3234"
},
{
"cve": "CVE-2022-3235",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3235"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-3256",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0530.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3256"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-3278",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3278"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-3296",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3296"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-3297",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0579.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3297"
},
{
"cve": "CVE-2022-3324",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3324"
},
{
"cve": "CVE-2022-3352",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3352"
},
{
"cve": "CVE-2022-3705",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3705"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2304",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2304"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2257"
}
]
}
WID-SEC-W-2022-1504
Vulnerability from csaf_certbund - Published: 2022-09-22 22:00 - Updated: 2025-12-28 23:00Summary
expat: Schwachstelle ermöglicht Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um beliebigen Programmcode auszuführen und einen Denial of Service Zustand herbeizuführen
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Tenable Security Nessus <10.3.1
Tenable Security / Nessus
|
<10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
OpenBSD OpenBSD 7.0
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.0
|
7 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Tivoli Network Manager <4.2.0.16
IBM / Tivoli Network Manager
|
<4.2.0.16 | ||
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Oracle VM 3
Oracle / VM
|
cpe:/a:oracle:vm:3
|
3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source expat <2.4.9
Open Source / expat
|
<2.4.9 | ||
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
HCL Commerce 9.0.1.x
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.0.1.x
|
9.0.1.x | |
|
HCL Commerce 9.1.x
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:9.1.x
|
9.1.x | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
HCL Commerce 7
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:7
|
7 | |
|
IBM HTTP Server 7.0
IBM / HTTP Server
|
cpe:/a:ibm:http_server:7.0
|
7 | |
|
Insyde UEFI Firmware kernel
Insyde / UEFI Firmware
|
cpe:/h:insyde:uefi:kernel
|
kernel | |
|
IBM HTTP Server 8.0
IBM / HTTP Server
|
cpe:/a:ibm:http_server:8.0
|
8 | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
IBM Security Guardium 11.4
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.4
|
11.4 | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
OpenBSD OpenBSD 7.1
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.1
|
7.1 | |
|
IBM Tivoli Monitoring 6.3.0.7 sp12
IBM / Tivoli Monitoring
|
cpe:/a:ibm:tivoli_monitoring:6.3.0.7_sp12
|
6.3.0.7 sp12 | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
IBM Rational ClearCase
IBM
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Tenable Security Nessus Network Monitor <6.2.1
Tenable Security / Nessus Network Monitor
|
<6.2.1 | ||
|
Hitachi Energy AFS 65x
Hitachi Energy / AFS
|
cpe:/h:abb:afs:65x
|
65x | |
|
IBM Tivoli Monitoring
IBM / Tivoli Monitoring
|
cpe:/a:ibm:tivoli_monitoring:6
|
— | |
|
IBM HTTP Server 8.5
IBM / HTTP Server
|
cpe:/a:ibm:http_server:8.5
|
8.5 | |
|
IBM HTTP Server 9.0
IBM / HTTP Server
|
cpe:/a:ibm:http_server:9.0
|
9 | |
|
Hitachi Energy AFS 67x
Hitachi Energy / AFS
|
cpe:/h:abb:afs:67x
|
67x | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Tenable Security Nessus <8.15.7
Tenable Security / Nessus
|
<8.15.7 | ||
|
IBM Security Guardium 11.5
IBM / Security Guardium
|
cpe:/a:ibm:security_guardium:11.5
|
11.5 | |
|
HCL Commerce 8
HCL / Commerce
|
cpe:/a:hcltechsw:commerce:8
|
8 |
References
77 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um beliebigen Programmcode auszuf\u00fchren und einen Denial of Service Zustand herbeizuf\u00fchren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1504 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1504.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1504 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1504"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5236 vom 2022-09-22",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00205.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-1 vom 2022-09-26",
"url": "https://ubuntu.com/security/notices/USN-5638-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3466-1 vom 2022-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012447.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202209-24 vom 2022-09-29",
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012473.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012472.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012469.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012474.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6826711 vom 2022-10-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-vulnerable-to-remote-code-execution-cve-2022-40674/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6827119 vom 2022-10-06",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-is-vulnerable-to-arbitrary-code-execution-due-to-expat-cve-2022-40674/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6832 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6832"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6834 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6834.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6838 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6838.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6831 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6831"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6834 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6834"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6833 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6833"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6838 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6838"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6878 vom 2022-10-11",
"url": "https://access.redhat.com/errata/RHSA-2022:6878"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6878 vom 2022-10-12",
"url": "http://linux.oracle.com/errata/ELSA-2022-6878.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6921 vom 2022-10-12",
"url": "https://access.redhat.com/errata/RHSA-2022:6921"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3597-1 vom 2022-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012544.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6967 vom 2022-10-17",
"url": "https://access.redhat.com/errata/RHSA-2022:6967"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7023 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7024 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7024"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7025 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7025"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7026 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7026"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7021 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7021"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7020 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7020"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6998 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6998"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7022 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7022"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6995 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6995"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6996 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6996"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6997 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6997"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7019 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7019"
},
{
"category": "external",
"summary": "Oracle Linux Bulletin-October 2022 vom 2022-10-18",
"url": "https://www.oracle.com/security-alerts/linuxbulletinoct2022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6905 vom 2022-10-19",
"url": "https://access.redhat.com/errata/RHSA-2022:6905"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7026 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7026.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7024 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7024.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7023 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7023.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7020 vom 2022-10-20",
"url": "http://linux.oracle.com/errata/ELSA-2022-7020.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6998 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-6998.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6997 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-6997.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3750-1 vom 2022-10-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012690.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-20 vom 2022-10-26",
"url": "https://www.tenable.com/security/tns-2022-20"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:6834 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073647.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9962 vom 2022-10-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-9962.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20221028-0008 vom 2022-10-28",
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"category": "external",
"summary": "F5 Security Advisory K44454157 vom 2022-10-31",
"url": "https://support.f5.com/csp/article/K44454157"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9967 vom 2022-10-31",
"url": "https://linux.oracle.com/errata/ELSA-2022-9967.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6833562 vom 2022-11-01",
"url": "https://aix.software.ibm.com/aix/efixes/security/python_advisory2.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6837645 vom 2022-11-08",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-included-websphere-application-server-and-ibm-http-server-used-by-websphere-application-server-3/"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-26 vom 2022-11-09",
"url": "https://www.tenable.com/security/tns-2022-26"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6882 vom 2022-11-09",
"url": "https://access.redhat.com/errata/RHSA-2022:6882"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1877 vom 2022-11-09",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1877.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-2 vom 2022-11-17",
"url": "https://ubuntu.com/security/notices/USN-5638-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8598 vom 2022-11-22",
"url": "https://access.redhat.com/errata/RHSA-2022:8598"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6842505 vom 2022-12-01",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8841 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8841"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-259 vom 2022-12-09",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-259.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1654 vom 2022-12-10",
"url": "https://alas.aws.amazon.com/ALAS-2022-1654.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6847293 vom 2022-12-20",
"url": "https://www.ibm.com/support/pages/node/6847293"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855663 vom 2023-01-16",
"url": "https://www.ibm.com/support/pages/node/6855663"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856375 vom 2023-01-31",
"url": "https://www.ibm.com/support/pages/node/6856375"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6955057 vom 2023-02-13",
"url": "https://www.ibm.com/support/pages/node/6955057"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-4 vom 2023-02-28",
"url": "https://ubuntu.com/security/notices/USN-5638-4"
},
{
"category": "external",
"summary": "HCL Article KB0104147 vom 2023-04-20",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104147"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-19 vom 2023-05-10",
"url": "https://www.tenable.com/security/tns-2023-19"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3068 vom 2023-05-16",
"url": "https://access.redhat.com/errata/RHSA-2023:3068"
},
{
"category": "external",
"summary": "Hitachi Cybersecurity Advisory vom 2023-05-24",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-01"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6999317 vom 2023-05-30",
"url": "https://www.ibm.com/support/pages/node/6999317"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2023-0009 vom 2023-08-17",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001078.html"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14",
"url": "https://www.insyde.com/security-pledge/SA-2024002"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2023:3068 vom 2025-12-27",
"url": "https://errata.build.resf.org/RLSA-2023:3068"
}
],
"source_lang": "en-US",
"title": "expat: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-12-28T23:00:00.000+00:00",
"generator": {
"date": "2025-12-29T09:05:05.697+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2022-1504",
"initial_release_date": "2022-09-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-26T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-09-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE, Fedora und Gentoo aufgenommen"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-17T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2022-10-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-20T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-10-23T22:00:00.000+00:00",
"number": "14",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-D93B3BD8B9, FEDORA-2022-DCB1D7BCB1, FEDORA-2022-C22FEB71BA"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux, SUSE, Tenable und CentOS aufgenommen"
},
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux und NetApp aufgenommen"
},
{
"date": "2022-10-31T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von F5 und Oracle Linux aufgenommen"
},
{
"date": "2022-11-01T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-07T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Tenable, Red Hat und Amazon aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-30T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-16T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-13T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-04-19T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-05-09T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-23T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-05-30T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von ORACLE aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2025-12-28T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "38"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "HCL Commerce 8",
"product_id": "T020130",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:8"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "HCL Commerce 7",
"product_id": "T027460",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:7"
}
}
},
{
"category": "product_version",
"name": "9.0.1.x",
"product": {
"name": "HCL Commerce 9.0.1.x",
"product_id": "T027461",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.0.1.x"
}
}
},
{
"category": "product_version",
"name": "9.1.x",
"product": {
"name": "HCL Commerce 9.1.x",
"product_id": "T027462",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.x"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "65x",
"product": {
"name": "Hitachi Energy AFS 65x",
"product_id": "T027841",
"product_identification_helper": {
"cpe": "cpe:/h:abb:afs:65x"
}
}
},
{
"category": "product_version",
"name": "67x",
"product": {
"name": "Hitachi Energy AFS 67x",
"product_id": "T027842",
"product_identification_helper": {
"cpe": "cpe:/h:abb:afs:67x"
}
}
}
],
"category": "product_name",
"name": "AFS"
}
],
"category": "vendor",
"name": "Hitachi Energy"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "T021486",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM HTTP Server 8.5",
"product_id": "T001650",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:8.5"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "IBM HTTP Server 7.0",
"product_id": "T003674",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:7.0"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "IBM HTTP Server 8.0",
"product_id": "T003675",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:8.0"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM HTTP Server 9.0",
"product_id": "T008162",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:9.0"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T024775",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM Security Guardium 11.4",
"product_id": "1076561",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.4"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "T026399",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Monitoring",
"product": {
"name": "IBM Tivoli Monitoring",
"product_id": "T000066",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6"
}
}
},
{
"category": "product_version",
"name": "6.3.0.7 sp12",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0.7 sp12",
"product_id": "T024776",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7_sp12"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.2.0.16",
"product": {
"name": "IBM Tivoli Network Manager \u003c4.2.0.16",
"product_id": "T025752"
}
},
{
"category": "product_version",
"name": "4.2.0.16",
"product": {
"name": "IBM Tivoli Network Manager 4.2.0.16",
"product_id": "T025752-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0.16"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel",
"product": {
"name": "Insyde UEFI Firmware kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
},
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.9",
"product": {
"name": "Open Source expat \u003c2.4.9",
"product_id": "T024686"
}
},
{
"category": "product_version",
"name": "2.4.9",
"product": {
"name": "Open Source expat 2.4.9",
"product_id": "T024686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:expat:expat:2.4.9"
}
}
}
],
"category": "product_name",
"name": "expat"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "OpenBSD OpenBSD 7.0",
"product_id": "T021607",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "OpenBSD OpenBSD 7.1",
"product_id": "T023225",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.1"
}
}
}
],
"category": "product_name",
"name": "OpenBSD"
}
],
"category": "vendor",
"name": "OpenBSD"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "3",
"product": {
"name": "Oracle VM 3",
"product_id": "T019617",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:3"
}
}
}
],
"category": "product_name",
"name": "VM"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.3.1",
"product": {
"name": "Tenable Security Nessus \u003c10.3.1",
"product_id": "T025130"
}
},
{
"category": "product_version",
"name": "10.3.1",
"product": {
"name": "Tenable Security Nessus 10.3.1",
"product_id": "T025130-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.15.7",
"product": {
"name": "Tenable Security Nessus \u003c8.15.7",
"product_id": "T025285"
}
},
{
"category": "product_version",
"name": "8.15.7",
"product": {
"name": "Tenable Security Nessus 8.15.7",
"product_id": "T025285-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:8.15.7"
}
}
}
],
"category": "product_name",
"name": "Nessus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.2.1",
"product_id": "T027665"
}
},
{
"category": "product_version",
"name": "6.2.1",
"product": {
"name": "Tenable Security Nessus Network Monitor 6.2.1",
"product_id": "T027665-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.2.1"
}
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"product_status": {
"known_affected": [
"T025130",
"67646",
"T021607",
"T004914",
"T025752",
"T001663",
"T019617",
"398363",
"T024686",
"T021398",
"T027461",
"T027462",
"T008027",
"T027460",
"T003674",
"T034716",
"T003675",
"7654",
"1076561",
"T012167",
"T016960",
"T032255",
"T022954",
"2951",
"T002207",
"T023225",
"T024776",
"T000126",
"5104",
"T004180",
"T024775",
"T027665",
"T027841",
"T000066",
"T001650",
"T008162",
"T027842",
"1727",
"T021486",
"T025285",
"T026399",
"T020130"
]
},
"release_date": "2022-09-22T22:00:00.000+00:00",
"title": "CVE-2022-40674"
}
]
}
WID-SEC-W-2022-2055
Vulnerability from csaf_certbund - Published: 2022-11-15 23:00 - Updated: 2025-05-29 22:00Summary
Mozilla Firefox und Thunderbird: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Firefox ist ein Open Source Web Browser.
Firefox ist ein Open Source Web Browser.
ESR ist die Variante mit verlängertem Support.
Thunderbird ist ein Open Source E-Mail Client.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen und Informationen falsch darzustellen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- Windows
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox ESR <102.5
Mozilla / Firefox ESR
|
<102.5 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Mozilla Firefox <107
Mozilla / Firefox
|
<107 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <102.5
Mozilla / Thunderbird
|
<102.5 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
44 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Firefox ist ein Open Source Web Browser.\r\nFirefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Informationen falsch darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2055 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2055.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2055 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2055"
},
{
"category": "external",
"summary": "Mozilla Foundation Security Advisory 2022-47 vom 2022-11-15",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/"
},
{
"category": "external",
"summary": "Mozilla Foundation Security Advisory 2022-48 vom 2022-11-15",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/"
},
{
"category": "external",
"summary": "Mozilla Foundation Security Advisory 2022-49 vom 2022-11-15",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5726-1 vom 2022-11-16",
"url": "https://ubuntu.com/security/notices/USN-5726-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5282 vom 2022-11-17",
"url": "https://www.debian.org/security/2022/dsa-5282"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4058-1 vom 2022-11-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012966.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3199 vom 2022-11-17",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00026.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5284 vom 2022-11-17",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00255.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3196 vom 2022-11-17",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00023.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4085-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012993.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4083-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012997.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8556 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8556"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8552 vom 2022-11-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-8552.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8543 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8544 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8544"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8545 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8547 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8547"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8548 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8548"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8549 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8550 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8552 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8553 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8554 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8561 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8561"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8555 vom 2022-11-21",
"url": "https://access.redhat.com/errata/RHSA-2022:8555"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202211-06 vom 2022-11-22",
"url": "https://security.gentoo.org/glsa/202211-06"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8555 vom 2022-11-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-8555.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202211-05 vom 2022-11-22",
"url": "https://security.gentoo.org/glsa/202211-05"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8580 vom 2022-11-22",
"url": "https://access.redhat.com/errata/RHSA-2022:8580"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8547 vom 2022-11-22",
"url": "https://linux.oracle.com/errata/ELSA-2022-8547.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8561 vom 2022-11-24",
"url": "http://linux.oracle.com/errata/ELSA-2022-8561.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-8580 vom 2022-11-24",
"url": "http://linux.oracle.com/errata/ELSA-2022-8580.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4247-1 vom 2022-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013128.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:8555 vom 2022-12-01",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-November/073660.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:8552 vom 2022-12-01",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-November/073659.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1900 vom 2022-12-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1900.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8980 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8980"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8979 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8979"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5824-1 vom 2023-02-06",
"url": "https://ubuntu.com/security/notices/USN-5824-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASFIREFOX-2023-010 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-010.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASFIREFOX-2023-009 vom 2023-09-27",
"url": "https://alas.aws.amazon.com/AL2/ALASFIREFOX-2023-009.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2858 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2858.html"
}
],
"source_lang": "en-US",
"title": "Mozilla Firefox und Thunderbird: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-29T22:00:00.000+00:00",
"generator": {
"date": "2025-05-30T09:12:23.047+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-2055",
"initial_release_date": "2022-11-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora, Ubuntu und Debian aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2022-11-20T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat, Oracle Linux und Gentoo aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-23T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-30T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von CentOS aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-05T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c107",
"product": {
"name": "Mozilla Firefox \u003c107",
"product_id": "7356"
}
},
{
"category": "product_version",
"name": "107",
"product": {
"name": "Mozilla Firefox 107",
"product_id": "7356-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox:-"
}
}
}
],
"category": "product_name",
"name": "Firefox"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c102.5",
"product": {
"name": "Mozilla Firefox ESR \u003c102.5",
"product_id": "162606"
}
},
{
"category": "product_version",
"name": "102.5",
"product": {
"name": "Mozilla Firefox ESR 102.5",
"product_id": "162606-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:10.0"
}
}
}
],
"category": "product_name",
"name": "Firefox ESR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c102.5",
"product": {
"name": "Mozilla Thunderbird \u003c102.5",
"product_id": "7366"
}
},
{
"category": "product_version",
"name": "102.5",
"product": {
"name": "Mozilla Thunderbird 102.5",
"product_id": "7366-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:-"
}
}
}
],
"category": "product_name",
"name": "Thunderbird"
}
],
"category": "vendor",
"name": "Mozilla"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-45403",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45403"
},
{
"cve": "CVE-2022-45404",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45404"
},
{
"cve": "CVE-2022-45405",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45405"
},
{
"cve": "CVE-2022-45406",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45406"
},
{
"cve": "CVE-2022-45407",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45407"
},
{
"cve": "CVE-2022-45408",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45408"
},
{
"cve": "CVE-2022-45409",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45409"
},
{
"cve": "CVE-2022-45410",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45410"
},
{
"cve": "CVE-2022-45411",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45411"
},
{
"cve": "CVE-2022-45412",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45412"
},
{
"cve": "CVE-2022-45413",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45413"
},
{
"cve": "CVE-2022-45415",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45415"
},
{
"cve": "CVE-2022-45416",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45416"
},
{
"cve": "CVE-2022-45417",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45417"
},
{
"cve": "CVE-2022-45418",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45418"
},
{
"cve": "CVE-2022-45419",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45419"
},
{
"cve": "CVE-2022-45420",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45420"
},
{
"cve": "CVE-2022-45421",
"product_status": {
"known_affected": [
"162606",
"2951",
"T002207",
"7356",
"67646",
"7366",
"T000126",
"398363",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2022-11-15T23:00:00.000+00:00",
"title": "CVE-2022-45421"
}
]
}
WID-SEC-W-2022-2372
Vulnerability from csaf_certbund - Published: 2022-12-19 23:00 - Updated: 2023-01-19 23:00Summary
genua genugate: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff: Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme: - Sonstiges
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2372 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2372 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=37a9613baf9adebc3e20772aaa249fc3"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=9cc97408444883591a94c7b03271ff7b"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=ef1c457a05f6f4465cc46f9369fe23d5"
}
],
"source_lang": "en-US",
"title": "genua genugate: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-19T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:40:14.418+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2372",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "CVE Nummern erg\u00e4nzt; Hinweis: nicht alle CVE bei genugate ausnutzbar"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "genua genugate \u003c 10.0p12",
"product": {
"name": "genua genugate \u003c 10.0p12",
"product_id": "T025654",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.0p12"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.4p2",
"product": {
"name": "genua genugate \u003c 10.4p2",
"product_id": "T025655",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.4p2"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.5p1",
"product": {
"name": "genua genugate \u003c 10.5p1",
"product_id": "T025656",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.5p1"
}
}
}
],
"category": "product_name",
"name": "genugate"
}
],
"category": "vendor",
"name": "genua"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44640",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44640"
},
{
"cve": "CVE-2022-44638",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44638"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-41916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-41916"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-40304",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40303",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-35260",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-3437",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-3437"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2021-44758",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-44758"
},
{
"cve": "CVE-2021-3671",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-3671"
}
]
}
WID-SEC-W-2023-0561
Vulnerability from csaf_certbund - Published: 2023-03-02 23:00 - Updated: 2023-05-18 22:00Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v2
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v2
|
— | |
|
Xerox FreeFlow Print Server 7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:7
|
— | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0561 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0561.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0561 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0561"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-007 vom 2023-05-18",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-005 vom 2023-04-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX23-002 vom 2023-03-23",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-002-FreeFlow-Print-Server-v2_Windows10.pdf"
},
{
"category": "external",
"summary": "Xerox Mini Bulletin XRX21A vom 2023-03-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-001-FreeFlow%C2%AE-Print-Server-v7.pdf"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:46:07.359+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0561",
"initial_release_date": "2023-03-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-04-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server 7",
"product": {
"name": "Xerox FreeFlow Print Server 7",
"product_id": "T000872",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:7"
}
}
},
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server 9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
},
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server v2",
"product": {
"name": "Xerox FreeFlow Print Server v2",
"product_id": "T014888",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-21900",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2023-21900"
},
{
"cve": "CVE-2023-21843",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2023-21843"
},
{
"cve": "CVE-2023-21835",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2023-21835"
},
{
"cve": "CVE-2023-21830",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2023-21830"
},
{
"cve": "CVE-2022-46882",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46882"
},
{
"cve": "CVE-2022-46881",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46881"
},
{
"cve": "CVE-2022-46880",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46880"
},
{
"cve": "CVE-2022-46878",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46878"
},
{
"cve": "CVE-2022-46875",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46875"
},
{
"cve": "CVE-2022-46874",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46874"
},
{
"cve": "CVE-2022-46872",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-46872"
},
{
"cve": "CVE-2022-45421",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45421"
},
{
"cve": "CVE-2022-45420",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45420"
},
{
"cve": "CVE-2022-45419",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45419"
},
{
"cve": "CVE-2022-45418",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45418"
},
{
"cve": "CVE-2022-45417",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45417"
},
{
"cve": "CVE-2022-45416",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45416"
},
{
"cve": "CVE-2022-45415",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45415"
},
{
"cve": "CVE-2022-45414",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45414"
},
{
"cve": "CVE-2022-45413",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45413"
},
{
"cve": "CVE-2022-45412",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45412"
},
{
"cve": "CVE-2022-45411",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45411"
},
{
"cve": "CVE-2022-45410",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45410"
},
{
"cve": "CVE-2022-45409",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45409"
},
{
"cve": "CVE-2022-45408",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45408"
},
{
"cve": "CVE-2022-45407",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45407"
},
{
"cve": "CVE-2022-45406",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45406"
},
{
"cve": "CVE-2022-45405",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45405"
},
{
"cve": "CVE-2022-45404",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45404"
},
{
"cve": "CVE-2022-45403",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45403"
},
{
"cve": "CVE-2022-45063",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45063"
},
{
"cve": "CVE-2022-45061",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2022-44638",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-44638"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-43548",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-43548"
},
{
"cve": "CVE-2022-42932",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-42932"
},
{
"cve": "CVE-2022-42929",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-42929"
},
{
"cve": "CVE-2022-42928",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-42928"
},
{
"cve": "CVE-2022-42927",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-42927"
},
{
"cve": "CVE-2022-42252",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2022-41556",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-41556"
},
{
"cve": "CVE-2022-41323",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-41323"
},
{
"cve": "CVE-2022-40962",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40962"
},
{
"cve": "CVE-2022-40960",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40960"
},
{
"cve": "CVE-2022-40959",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40959"
},
{
"cve": "CVE-2022-40958",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40958"
},
{
"cve": "CVE-2022-40957",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40957"
},
{
"cve": "CVE-2022-40956",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40956"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-3970",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3970"
},
{
"cve": "CVE-2022-39260",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-39260"
},
{
"cve": "CVE-2022-39253",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2022-3786",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3786"
},
{
"cve": "CVE-2022-37797",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-37797"
},
{
"cve": "CVE-2022-37454",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-37454"
},
{
"cve": "CVE-2022-37436",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-37436"
},
{
"cve": "CVE-2022-36760",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-36760"
},
{
"cve": "CVE-2022-3627",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3627"
},
{
"cve": "CVE-2022-3626",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3626"
},
{
"cve": "CVE-2022-36087",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-36087"
},
{
"cve": "CVE-2022-36059",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-36059"
},
{
"cve": "CVE-2022-3602",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3602"
},
{
"cve": "CVE-2022-3599",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3599"
},
{
"cve": "CVE-2022-3598",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3598"
},
{
"cve": "CVE-2022-3597",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3597"
},
{
"cve": "CVE-2022-3570",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3570"
},
{
"cve": "CVE-2022-35256",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-35256"
},
{
"cve": "CVE-2022-35255",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-35255"
},
{
"cve": "CVE-2022-34526",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-34526"
},
{
"cve": "CVE-2022-3276",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3276"
},
{
"cve": "CVE-2022-32222",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-32222"
},
{
"cve": "CVE-2022-32215",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-32215"
},
{
"cve": "CVE-2022-32213",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-32213"
},
{
"cve": "CVE-2022-32212",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-32212"
},
{
"cve": "CVE-2022-3204",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3204"
},
{
"cve": "CVE-2022-3190",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3190"
},
{
"cve": "CVE-2022-31630",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-31630"
},
{
"cve": "CVE-2022-31629",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-31629"
},
{
"cve": "CVE-2022-31628",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-31628"
},
{
"cve": "CVE-2022-3155",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3155"
},
{
"cve": "CVE-2022-3034",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3034"
},
{
"cve": "CVE-2022-3033",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3033"
},
{
"cve": "CVE-2022-3032",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-3032"
},
{
"cve": "CVE-2022-29458",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-29458"
},
{
"cve": "CVE-2022-29187",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-29187"
},
{
"cve": "CVE-2022-29154",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-29154"
},
{
"cve": "CVE-2022-2869",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2869"
},
{
"cve": "CVE-2022-2868",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2868"
},
{
"cve": "CVE-2022-2867",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2867"
},
{
"cve": "CVE-2022-27406",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-27406"
},
{
"cve": "CVE-2022-27405",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-27405"
},
{
"cve": "CVE-2022-27404",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-27404"
},
{
"cve": "CVE-2022-26981",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-26981"
},
{
"cve": "CVE-2022-24765",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-24765"
},
{
"cve": "CVE-2022-24070",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-24070"
},
{
"cve": "CVE-2022-23901",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-23901"
},
{
"cve": "CVE-2022-22844",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-22844"
},
{
"cve": "CVE-2022-2210",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2208",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2207",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2206",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2183",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2175",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-21658",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-21658"
},
{
"cve": "CVE-2022-21628",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-21628"
},
{
"cve": "CVE-2022-21626",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-21626"
},
{
"cve": "CVE-2022-21624",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-21624"
},
{
"cve": "CVE-2022-21619",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-21619"
},
{
"cve": "CVE-2022-2125",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2125"
},
{
"cve": "CVE-2022-2122",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2122"
},
{
"cve": "CVE-2022-2058",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2058"
},
{
"cve": "CVE-2022-2057",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2057"
},
{
"cve": "CVE-2022-2056",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-2056"
},
{
"cve": "CVE-2022-1925",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1925"
},
{
"cve": "CVE-2022-1924",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1924"
},
{
"cve": "CVE-2022-1923",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1923"
},
{
"cve": "CVE-2022-1922",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1922"
},
{
"cve": "CVE-2022-1921",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1921"
},
{
"cve": "CVE-2022-1920",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1920"
},
{
"cve": "CVE-2022-1348",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1348"
},
{
"cve": "CVE-2022-1056",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-1056"
},
{
"cve": "CVE-2022-0924",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0924"
},
{
"cve": "CVE-2022-0909",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0909"
},
{
"cve": "CVE-2022-0908",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0908"
},
{
"cve": "CVE-2022-0907",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0907"
},
{
"cve": "CVE-2022-0891",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0891"
},
{
"cve": "CVE-2022-0865",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0865"
},
{
"cve": "CVE-2022-0562",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0562"
},
{
"cve": "CVE-2022-0561",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2022-0561"
},
{
"cve": "CVE-2021-46848",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-46848"
},
{
"cve": "CVE-2021-46823",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-46823"
},
{
"cve": "CVE-2021-42694",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-42694"
},
{
"cve": "CVE-2021-42574",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-42574"
},
{
"cve": "CVE-2021-37750",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-37750"
},
{
"cve": "CVE-2021-28544",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2021-28544"
},
{
"cve": "CVE-2020-10735",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2020-10735"
},
{
"cve": "CVE-2019-6111",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2019-6111"
},
{
"cve": "CVE-2018-7160",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2018-7160"
},
{
"cve": "CVE-2015-20107",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2015-20107"
},
{
"cve": "CVE-2006-20001",
"notes": [
{
"category": "description",
"text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden."
}
],
"product_status": {
"known_affected": [
"T014888",
"T000872",
"T002977"
]
},
"release_date": "2023-03-02T23:00:00.000+00:00",
"title": "CVE-2006-20001"
}
]
}
WID-SEC-W-2023-1728
Vulnerability from csaf_certbund - Published: 2023-07-11 22:00 - Updated: 2023-07-11 22:00Summary
Autodesk AutoCAD: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
Betroffene Betriebssysteme: - UNIX
- Linux
- MacOS X
- Windows
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1728 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1728.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1728 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1728"
},
{
"category": "external",
"summary": "Autodesk Security Advisory adsk-sa-2023-0015 vom 2023-07-11",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0015"
}
],
"source_lang": "en-US",
"title": "Autodesk AutoCAD: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:21.152+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1728",
"initial_release_date": "2023-07-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Autodesk AutoCAD \u003c 2023.1.3",
"product": {
"name": "Autodesk AutoCAD \u003c 2023.1.3",
"product_id": "T027257",
"product_identification_helper": {
"cpe": "cpe:/a:autodesk:autocad:2023.1.3"
}
}
}
],
"category": "vendor",
"name": "Autodesk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25002",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2023-25002"
},
{
"cve": "CVE-2022-46908",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27781",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27780",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27776",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27775",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27774",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-22576",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-22576"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…