var-202201-0429
Vulnerability from variot
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains /
would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
-
Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Bug fixes:
-
Inform ACM policy is not checking properly the node fields (BZ# 2015588)
-
ImagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image (BZ# 2021128)
-
Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576)
-
RHACM 2.3.6 images (BZ# 2029507)
-
Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002)
-
Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351)
-
Clustersets do not appear in UI (BZ# 2049810)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2015588 - Inform ACM policy is not checking properly the node fields 2021128 - imagePullPolicy is "Always" for multicluster-operators-subscription-rhel8 image 2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage 2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability 2029507 - RHACM 2.3.6 images 2030002 - Console UI enabled SNO UI Options not displayed during cluster creating 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2037351 - grc pod restarts for each new GET request to the Governance Policy Page 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2049810 - Clustersets do not appear in UI 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update Advisory ID: RHSA-2022:8502-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:8502 Issue date: 2022-11-16 CVE Names: CVE-2022-0155 CVE-2022-2805 ==================================================================== 1. Summary:
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Bug Fix(es):
-
Ghost OVFs are written when using floating SD to migrate VMs between 2 RHV environments. (BZ#1705338)
-
RHV engine is reporting a delete disk with wipe as completing successfully when it actually fails from a timeout. (BZ#1836318)
-
[DR] Failover / Failback HA VM Fails to be started due to 'VM XXX is being imported' (BZ#1968433)
-
Virtual Machine with lease fails to run on DR failover (BZ#1974535)
-
Disk is missing after importing VM from Storage Domain that was detached from another DC. (BZ#1983567)
-
Unable to switch RHV host into maintenance mode as there are image transfer in progress (BZ#2123141)
-
not able to import disk in 4.5.2 (BZ#2134549)
Enhancement(s):
-
[RFE] Show last events for user VMs (BZ#1886211)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1705338 - Ghost OVFs are written when using floating SD to migrate VMs between 2 RHV environments. 1836318 - RHV engine is reporting a delete disk with wipe as completing successfully when it actually fails from a timeout. 1886211 - [RFE] Show last events for user VMs 1968433 - [DR] Failover / Failback HA VM Fails to be started due to 'VM XXX is being imported' 1974535 - Virtual Machine with lease fails to run on DR failover 1983567 - Disk is missing after importing VM from Storage Domain that was detached from another DC. 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2079545 - CVE-2022-2805 ovirt-engine: RHVM admin password is logged unfiltered when using otopi-style 2118672 - Use rpm instead of auto in package_facts ansible module to prevent mistakes of determining the correct package manager inside package_facts module 2123141 - Unable to switch RHV host into maintenance mode as there are image transfer in progress 2127836 - Create template dialog is not closed when clicking in OK and the template is not created 2134549 - not able to import disk in 4.5.2 2137207 - The RemoveDisk job finishes before the disk was removed from the DB
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ovirt-engine-4.5.3.2-1.el8ev.src.rpm ovirt-engine-dwh-4.5.7-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.6-1.el8ev.src.rpm ovirt-web-ui-1.9.2-1.el8ev.src.rpm
noarch: ovirt-engine-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-backend-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-dwh-4.5.7-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.7-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.7-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-tools-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.6-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.3.2-1.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.3.2-1.el8ev.noarch.rpm ovirt-web-ui-1.9.2-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.3.2-1.el8ev.noarch.rpm rhvm-4.5.3.2-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-0155 https://access.redhat.com/security/cve/CVE-2022-2805 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY3UyLtzjgjWX9erEAQjacQ//emo9BwMrctxmlrqBwa5vAlrr2Kt3ZVCY hAHTbaUk+sXw9JxGeCZ/aD8/c6ij5oCprdMs4sOGmOfTHEkmj+GbPWfdEluoJvr0 PM001KBuucWC6YDaW/R3V20oZrqdRAlPX7yvTzxuNNlpnpmGx/UkAwB2GSechs91 kXp+E74e1RgOgbFRtzZcgfwCb0Df2Swi2vXdnPDfri5fRVztgwcrIcljLoTBkMy7 8M719eYwsuu1987MqSnIvBOHEj2oWN2IQJTaeNPoz3MqgvYKwqEdiozchJpWvXqi WddEaLT8S+1WhDf4VCIkdtIZrww/Ya2BxoFoEroCr7jTSDy9c9aFcnjn4wqnhO9s yqKfxpTWz9mpgTdHHT4FC06L9AUsxa/UaLKydO3tZhc+IjPH0O63SDBi/pZ5WVAH oCmYtRJA2OYlQABpHXR2x7Pj2Jv7JRNWHjGnabxWVoY6E09vdIrPliz0taPI59s7 YvNtXhkWPIa3w5kyibIxTVLqjR4gr2zrpPa2Oc6QGvEP9zyu59bAxoXKSQj0SYM8 BFykrVd3ahlPGFqOl6UBdvPJpXpJtNXK3lJBCGu2glFSwPXX26ij2fLUW3b7DnUC +xMPlL9m45KHx/Y7s4WnDvlvSNRjhy/Ttddgm/JwYOLxlzTWd1Qez/vfyDuIK7rk QvQket8bo7Q=xS+k -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0429", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinec ins", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "sinec ins", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "follow-redirects", "scope": "lt", "trust": 1.0, "vendor": "follow redirects", "version": "1.14.7" }, { "model": "sinec ins", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "follow-redirects", "scope": null, "trust": 0.8, "vendor": "follow redirects", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "NVD", "id": "CVE-2022-0155" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:follow-redirects_project:follow-redirects:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.14.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-0155" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "166812" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166204" }, { "db": "PACKETSTORM", "id": "166946" }, { "db": "PACKETSTORM", "id": "166970" }, { "db": "PACKETSTORM", "id": "169919" } ], "trust": 0.7 }, "cve": "CVE-2022-0155", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2022-0155", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security@huntr.dev", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.1, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-0155", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-0155", "trust": 1.8, "value": "MEDIUM" }, { "author": "security@huntr.dev", "id": "CVE-2022-0155", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202201-685", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-0155", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.6 General\nAvailability\nrelease images, which provide security updates and bug fixes. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* Follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nBug fixes:\n\n* Inform ACM policy is not checking properly the node fields (BZ# 2015588)\n\n* ImagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8\nimage (BZ# 2021128)\n\n* Traceback blocks reconciliation of helm repository hosted on AWS S3\nstorage (BZ# 2021576)\n\n* RHACM 2.3.6 images (BZ# 2029507)\n\n* Console UI enabled SNO UI Options not displayed during cluster creating\n(BZ# 2030002)\n\n* Grc pod restarts for each new GET request to the Governance Policy Page\n(BZ# 2037351)\n\n* Clustersets do not appear in UI (BZ# 2049810)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2015588 - Inform ACM policy is not checking properly the node fields\n2021128 - imagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8 image\n2021576 - traceback blocks reconciliation of helm repository hosted on AWS S3 storage\n2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability\n2029507 - RHACM 2.3.6 images\n2030002 - Console UI enabled SNO UI Options not displayed during cluster creating\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2037351 - grc pod restarts for each new GET request to the Governance Policy Page\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2049810 - Clustersets do not appear in UI\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update\nAdvisory ID: RHSA-2022:8502-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8502\nIssue date: 2022-11-16\nCVE Names: CVE-2022-0155 CVE-2022-2805\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nBug Fix(es):\n\n* Ghost OVFs are written when using floating SD to migrate VMs between 2\nRHV environments. (BZ#1705338)\n\n* RHV engine is reporting a delete disk with wipe as completing\nsuccessfully when it actually fails from a timeout. (BZ#1836318)\n\n* [DR] Failover / Failback HA VM Fails to be started due to \u0027VM XXX is\nbeing imported\u0027 (BZ#1968433)\n\n* Virtual Machine with lease fails to run on DR failover (BZ#1974535)\n\n* Disk is missing after importing VM from Storage Domain that was detached\nfrom another DC. (BZ#1983567)\n\n* Unable to switch RHV host into maintenance mode as there are image\ntransfer in progress (BZ#2123141)\n\n* not able to import disk in 4.5.2 (BZ#2134549)\n\nEnhancement(s):\n\n* [RFE] Show last events for user VMs (BZ#1886211)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1705338 - Ghost OVFs are written when using floating SD to migrate VMs between 2 RHV environments. \n1836318 - RHV engine is reporting a delete disk with wipe as completing successfully when it actually fails from a timeout. \n1886211 - [RFE] Show last events for user VMs\n1968433 - [DR] Failover / Failback HA VM Fails to be started due to \u0027VM XXX is being imported\u0027\n1974535 - Virtual Machine with lease fails to run on DR failover\n1983567 - Disk is missing after importing VM from Storage Domain that was detached from another DC. \n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2079545 - CVE-2022-2805 ovirt-engine: RHVM admin password is logged unfiltered when using otopi-style\n2118672 - Use rpm instead of auto in package_facts ansible module to prevent mistakes of determining the correct package manager inside package_facts module\n2123141 - Unable to switch RHV host into maintenance mode as there are image transfer in progress\n2127836 - Create template dialog is not closed when clicking in OK and the template is not created\n2134549 - not able to import disk in 4.5.2\n2137207 - The RemoveDisk job finishes before the disk was removed from the DB\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\novirt-engine-4.5.3.2-1.el8ev.src.rpm\novirt-engine-dwh-4.5.7-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.6-1.el8ev.src.rpm\novirt-web-ui-1.9.2-1.el8ev.src.rpm\n\nnoarch:\novirt-engine-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-backend-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-dwh-4.5.7-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.7-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.7-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-tools-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.6-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.3.2-1.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.3.2-1.el8ev.noarch.rpm\novirt-web-ui-1.9.2-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.3.2-1.el8ev.noarch.rpm\nrhvm-4.5.3.2-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-0155\nhttps://access.redhat.com/security/cve/CVE-2022-2805\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY3UyLtzjgjWX9erEAQjacQ//emo9BwMrctxmlrqBwa5vAlrr2Kt3ZVCY\nhAHTbaUk+sXw9JxGeCZ/aD8/c6ij5oCprdMs4sOGmOfTHEkmj+GbPWfdEluoJvr0\nPM001KBuucWC6YDaW/R3V20oZrqdRAlPX7yvTzxuNNlpnpmGx/UkAwB2GSechs91\nkXp+E74e1RgOgbFRtzZcgfwCb0Df2Swi2vXdnPDfri5fRVztgwcrIcljLoTBkMy7\n8M719eYwsuu1987MqSnIvBOHEj2oWN2IQJTaeNPoz3MqgvYKwqEdiozchJpWvXqi\nWddEaLT8S+1WhDf4VCIkdtIZrww/Ya2BxoFoEroCr7jTSDy9c9aFcnjn4wqnhO9s\nyqKfxpTWz9mpgTdHHT4FC06L9AUsxa/UaLKydO3tZhc+IjPH0O63SDBi/pZ5WVAH\noCmYtRJA2OYlQABpHXR2x7Pj2Jv7JRNWHjGnabxWVoY6E09vdIrPliz0taPI59s7\nYvNtXhkWPIa3w5kyibIxTVLqjR4gr2zrpPa2Oc6QGvEP9zyu59bAxoXKSQj0SYM8\nBFykrVd3ahlPGFqOl6UBdvPJpXpJtNXK3lJBCGu2glFSwPXX26ij2fLUW3b7DnUC\n+xMPlL9m45KHx/Y7s4WnDvlvSNRjhy/Ttddgm/JwYOLxlzTWd1Qez/vfyDuIK7rk\nQvQket8bo7Q=xS+k\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "166812" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166204" }, { "db": "PACKETSTORM", "id": "166946" }, { "db": "PACKETSTORM", "id": "166970" }, { "db": "PACKETSTORM", "id": "169919" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-0155", "trust": 4.0 }, { "db": "SIEMENS", "id": "SSA-637483", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU99475301", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-003215", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-258-05", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166812", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166516", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166204", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166946", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166970", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "169919", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.4616", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5020", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1071", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5790", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5990", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3482", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071510", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032840", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-685", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-0155", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166309", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "166812" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166204" }, { "db": "PACKETSTORM", "id": "166946" }, { "db": "PACKETSTORM", "id": "166970" }, { "db": "PACKETSTORM", "id": "169919" }, { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "id": "VAR-202201-0429", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.20766129 }, "last_update_date": "2023-12-18T11:35:15.196000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Drop\u00a0Cookie\u00a0header\u00a0across\u00a0domains. Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" }, { "title": "Follow Redirects Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=178984" }, { "title": "Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.3] bug fix and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228502 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221715 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221681 - security advisory" }, { "title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220595 - security advisory" }, { "title": "IBM: Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e84bc00c9f55b86e956036a09317820b" }, { "title": "IBM: Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2f42526bdbba457e2271ed17ea2e3e9a" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221083 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221476 - security advisory" }, { "title": "IBM: Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0c5e20c044e4005143b2303b28407553" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220856 - security advisory" }, { "title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702" }, { "title": "ioBroker.switchbot-ble", "trust": 0.1, "url": "https://github.com/mrbungle64/iobroker.switchbot-ble " }, { "title": "node-red-contrib-ecovacs-deebot", "trust": 0.1, "url": "https://github.com/mrbungle64/node-red-contrib-ecovacs-deebot " }, { "title": "ioBroker.ecovacs-deebot", "trust": 0.1, "url": "https://github.com/mrbungle64/iobroker.ecovacs-deebot " }, { "title": "ecovacs-deebot.js", "trust": 0.1, "url": "https://github.com/mrbungle64/ecovacs-deebot.js " }, { "title": "ioBroker.e3dc-rscp", "trust": 0.1, "url": "https://github.com/git-kick/iobroker.e3dc-rscp " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-359", "trust": 1.0 }, { "problemtype": "Disclosure of Personal Information to Unauthorized Actors (CWE-359) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "NVD", "id": "CVE-2022-0155" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155" }, { "trust": 1.7, "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406" }, { "trust": 1.7, "url": "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99475301/index.html" }, { "trust": 0.8, "url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/" }, { "trust": 0.7, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2022-0155" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071510" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4616" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166970/red-hat-security-advisory-2022-1715-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/node-js-follow-redirects-information-disclosure-via-cookie-header-38829" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/ibm-security-qradar-siem-information-disclosure-39657" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1071" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169919/red-hat-security-advisory-2022-8502-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5020" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5790" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3482" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5990" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032840" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166946/red-hat-security-advisory-2022-1681-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166204/red-hat-security-advisory-2022-0595-02.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0536" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-0235" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536" }, { "trust": 0.4, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-22942" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-0330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-0920" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-23566" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-43565" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0185" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4122" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4155" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4019" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4192" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3984" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4193" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3872" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0413" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25236" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31566" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22827" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0392" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22824" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23219" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3999" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23308" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0516" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-45960" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-46143" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23852" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0261" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22826" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22825" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0359" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0435" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0492" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4154" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22822" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23177" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0144" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0318" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22823" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24450" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25315" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-23218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0847" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25235" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21803" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24785" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24723" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1154" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25636" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4028" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4115" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24723" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4115" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-25032" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21803" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0613" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-0613" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/359.html" }, { "trust": 0.1, "url": "https://github.com/mrbungle64/iobroker.switchbot-ble" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05" }, { "trust": 0.1, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3564" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0856" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25214" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0811" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27191" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1476" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1083" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4034" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20612" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-42739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3918" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4122" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-20612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20617" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20321" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-20617" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1681" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24773" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23555" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24773" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4083" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0711" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0711" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-2805" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:8502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2805" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "166812" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166204" }, { "db": "PACKETSTORM", "id": "166946" }, { "db": "PACKETSTORM", "id": "166970" }, { "db": "PACKETSTORM", "id": "169919" }, { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-0155" }, { "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "166812" }, { "db": "PACKETSTORM", "id": "166516" }, { "db": "PACKETSTORM", "id": "166204" }, { "db": "PACKETSTORM", "id": "166946" }, { "db": "PACKETSTORM", "id": "166970" }, { "db": "PACKETSTORM", "id": "169919" }, { "db": "NVD", "id": "CVE-2022-0155" }, { "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-10T00:00:00", "db": "VULMON", "id": "CVE-2022-0155" }, { "date": "2023-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "date": "2022-03-15T15:44:21", "db": "PACKETSTORM", "id": "166309" }, { "date": "2022-04-21T15:12:25", "db": "PACKETSTORM", "id": "166812" }, { "date": "2022-03-29T15:53:19", "db": "PACKETSTORM", "id": "166516" }, { "date": "2022-03-04T16:17:56", "db": "PACKETSTORM", "id": "166204" }, { "date": "2022-05-04T05:42:06", "db": "PACKETSTORM", "id": "166946" }, { "date": "2022-05-05T17:33:41", "db": "PACKETSTORM", "id": "166970" }, { "date": "2022-11-17T13:22:54", "db": "PACKETSTORM", "id": "169919" }, { "date": "2022-01-10T20:15:08.177000", "db": "NVD", "id": "CVE-2022-0155" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-28T00:00:00", "db": "VULMON", "id": "CVE-2022-0155" }, { "date": "2023-02-10T07:20:00", "db": "JVNDB", "id": "JVNDB-2022-003215" }, { "date": "2022-10-28T17:54:29.403000", "db": "NVD", "id": "CVE-2022-0155" }, { "date": "2022-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-685" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-685" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "follow-redirects\u00a0 Personal Information Disclosure Vulnerability to Unauthorized Actors in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-003215" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-685" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.