var-202202-0101
Vulnerability from variot
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022
expat vulnerabilities and regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues and a regression were fixed in Expat.
Software Description: - expat: XML parsing C library
Details:
USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities.
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313)
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315)
Original advisory details:
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3
Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4
Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7
Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5
Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.11.0 extras and security update Advisory ID: RHSA-2022:5070-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:5070 Issue date: 2022-08-10 CVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18874 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-24370 CVE-2020-28493 CVE-2021-3580 CVE-2021-3634 CVE-2021-3737 CVE-2021-4189 CVE-2021-20095 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-25219 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38561 CVE-2021-40528 CVE-2021-42771 CVE-2022-0778 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-1706 CVE-2022-1729 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24903 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29162 CVE-2022-29824 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.11.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:5068
Security Fix(es):
- golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint
2042652 - Unable to deploy hw-event-proxy operator
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047308 - Remove metrics and events for master port offsets
2055049 - No pre-caching for NFD images
2055436 - nfd-master tracking the wrong api group
2055439 - nfd-master tracking the wrong api group (operand)
2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules
2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag
2062849 - hw event proxy is not binding on ipv6 local address
2066860 - Wrong spec in NFD documentation under operand
2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2067312 - PPT event source is lost when received by the consumer
2077243 - NFD os release label lost after upgrade to ocp 4.10.6
2087511 - NFD SkipRange is wrong causing OLM install problems
2089962 - Node feature Discovery operator installation failed.
2090774 - Add Readme to plugin directory
2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-18874 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYvOfLtzjgjWX9erEAQh7aQ//QAKxZilehv3o6x6Iw6VhjUan4BQK62o0 wOxUKHXbDxB+QT9oHOm2w0C1K1FOGrPcDlkOw9oIK5KS8gWUyNL5r2NjZ0FH0/wu oLIXIZ94BB5cIcpiQx7LtljFjDl0dp2/NlTV5KHKtZrCkm68/e4Xh35tYJK+NL1a 9hTqoXgH07TiUYhOORKig9Sa90tDodWWLs3M6pGri8SrOwUWXz7AuN0p2hD0AKNj 2UxAWrmviYLrNzmBEg9gIjZRF7D8cog/60Wu0cWT2GlRj1oFIv0Dj3KvTvQFq2gH JEOB+eNVlShqoXF8WTuJy358hVOO3ybeCO9M+w6jXJnM4tXttPp5J0CHuxc+SrH3 YfoqG/OaAuNz0r2ZwPj+LxL9isN0JtKvGZgZJIVi//1JWk1Jc9IAJrNJukqL6Nr9 iHojxb9Exk1EGllrpashh70KBZ+uTU94SctLeXyXIENuHq0pPGym6SbQfcnN3Ntq 8eOxHaBmY5uZPfTAuNFSmT+uK1Fia+IsbCZ/6a1A5VNR2zAk4LtGV8JbM/Vzwnwi cDFaurOrKAZRq6L9v6i2/DuNKUlaqoKCF8Mp1RyONTy1cxkb34Yzm189JPsqbM02 GDIdDSqVb8vMzdVjSoMmYJ3rBsMbB6pw+B8VbhIMcYkyC/TOZ8Z1uD/tnpGtUTgf eR+IlWwr9oE=ftiF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Security fixes:
-
CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
-
CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
-
CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
-
CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
-
CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
-
CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
-
CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
-
CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
-
CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
-
CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
-
CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
-
Solution:
For details on how to install Submariner, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console
and
https://submariner.io/getting-started/
- Bugs fixed (https://bugzilla.redhat.com/):
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
- Summary:
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
- CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
-
Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
-
RHACM 2.3.12 images (BZ# 2101411)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Bugs fixed (https://bugzilla.redhat.com/):
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0101", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "libexpat", "scope": "lt", "trust": 1.0, "vendor": "libexpat", "version": "2.4.5" }, { "model": "sinema remote connect server", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-25314" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-25314" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens notified CISA of these vulnerabilities.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1606" } ], "trust": 0.6 }, "cve": "CVE-2022-25314", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-415281", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2022-25314", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-25314", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202202-1606", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-415281", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-25314", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-415281" }, { "db": "VULMON", "id": "CVE-2022-25314" }, { "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "db": "NVD", "id": "CVE-2022-25314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. ==========================================================================\nUbuntu Security Notice USN-5320-1\nMarch 10, 2022\n\nexpat vulnerabilities and regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues and a regression were fixed in Expat. \n\nSoftware Description:\n- expat: XML parsing C library\n\nDetails:\n\nUSN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it\ncaused a regression and an additional patch was required. This update address\nthis regression and several other vulnerabilities. \n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-25313)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash\nor execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash or execute\narbitrary code. (CVE-2022-25315)\n\nOriginal advisory details:\n\n It was discovered that Expat incorrectly handled certain files. \n An attacker could possibly use this issue to cause a crash or\n execute arbitrary code. (CVE-2022-25236)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libexpat1 2.4.1-2ubuntu0.3\n\nUbuntu 20.04 LTS:\n libexpat1 2.2.9-1ubuntu0.4\n\nUbuntu 18.04 LTS:\n libexpat1 2.2.5-3ubuntu0.7\n\nUbuntu 16.04 ESM:\n lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5\n libexpat1 2.1.0-7ubuntu0.16.04.5+esm5\n\nUbuntu 14.04 ESM:\n lib64expat1 2.1.0-4ubuntu1.4+esm6\n libexpat1 2.1.0-4ubuntu1.4+esm6\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.11.0 extras and security update\nAdvisory ID: RHSA-2022:5070-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5070\nIssue date: 2022-08-10\nCVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750\n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595\n CVE-2019-18218 CVE-2019-18874 CVE-2019-19603\n CVE-2019-20838 CVE-2020-13435 CVE-2020-14155\n CVE-2020-24370 CVE-2020-28493 CVE-2021-3580\n CVE-2021-3634 CVE-2021-3737 CVE-2021-4189\n CVE-2021-20095 CVE-2021-20231 CVE-2021-20232\n CVE-2021-23177 CVE-2021-25219 CVE-2021-31566\n CVE-2021-36084 CVE-2021-36085 CVE-2021-36086\n CVE-2021-36087 CVE-2021-38561 CVE-2021-40528\n CVE-2021-42771 CVE-2022-0778 CVE-2022-1271\n CVE-2022-1621 CVE-2022-1629 CVE-2022-1706\n CVE-2022-1729 CVE-2022-21698 CVE-2022-22576\n CVE-2022-23772 CVE-2022-23773 CVE-2022-23806\n CVE-2022-24407 CVE-2022-24675 CVE-2022-24903\n CVE-2022-24921 CVE-2022-25313 CVE-2022-25314\n CVE-2022-27191 CVE-2022-27774 CVE-2022-27776\n CVE-2022-27782 CVE-2022-28327 CVE-2022-29162\n CVE-2022-29824\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.11. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.11.0. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSecurity Fix(es):\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-18874\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-28493\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20095\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-42771\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1706\nhttps://access.redhat.com/security/cve/CVE-2022-1729\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24903\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29162\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYvOfLtzjgjWX9erEAQh7aQ//QAKxZilehv3o6x6Iw6VhjUan4BQK62o0\nwOxUKHXbDxB+QT9oHOm2w0C1K1FOGrPcDlkOw9oIK5KS8gWUyNL5r2NjZ0FH0/wu\noLIXIZ94BB5cIcpiQx7LtljFjDl0dp2/NlTV5KHKtZrCkm68/e4Xh35tYJK+NL1a\n9hTqoXgH07TiUYhOORKig9Sa90tDodWWLs3M6pGri8SrOwUWXz7AuN0p2hD0AKNj\n2UxAWrmviYLrNzmBEg9gIjZRF7D8cog/60Wu0cWT2GlRj1oFIv0Dj3KvTvQFq2gH\nJEOB+eNVlShqoXF8WTuJy358hVOO3ybeCO9M+w6jXJnM4tXttPp5J0CHuxc+SrH3\nYfoqG/OaAuNz0r2ZwPj+LxL9isN0JtKvGZgZJIVi//1JWk1Jc9IAJrNJukqL6Nr9\niHojxb9Exk1EGllrpashh70KBZ+uTU94SctLeXyXIENuHq0pPGym6SbQfcnN3Ntq\n8eOxHaBmY5uZPfTAuNFSmT+uK1Fia+IsbCZ/6a1A5VNR2zAk4LtGV8JbM/Vzwnwi\ncDFaurOrKAZRq6L9v6i2/DuNKUlaqoKCF8Mp1RyONTy1cxkb34Yzm189JPsqbM02\nGDIdDSqVb8vMzdVjSoMmYJ3rBsMbB6pw+B8VbhIMcYkyC/TOZ8Z1uD/tnpGtUTgf\neR+IlWwr9oE=ftiF\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nSecurity fixes:\n\n* CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language\nleads to DoS\n\n* CVE-2022-1705 golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random\nticket_age_add\n\n3. Solution:\n\nFor details on how to install Submariner, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console\n\nand\n\nhttps://submariner.io/getting-started/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. Summary:\n\nOpenShift API for Data Protection (OADP) 1.0.4 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key\n2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key\n2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key\n2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2022-25314" }, { "db": "VULHUB", "id": "VHN-415281" }, { "db": "VULMON", "id": "CVE-2022-25314" }, { "db": "PACKETSTORM", "id": "166254" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "PACKETSTORM", "id": "168265" }, { "db": "PACKETSTORM", "id": "168351" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "168352" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-25314", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-484086", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/02/19/1", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "168265", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166254", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168351", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "168022", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167671", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168054", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167853", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167985", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168228", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "167778", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "169777", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "168578", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022031502", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072010", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022061722", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072127", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022070641", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060122", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031406", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022109", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022070538", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022051320", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072631", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022042116", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022022411", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041954", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071342", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0934", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3982", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3554", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4744", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5749", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4460", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4568", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3224", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3644", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3873", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4601", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4324", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0785.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.3821", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2607", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-167-17", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202202-1606", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "167845", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167648", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167838", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167984", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2022-18353", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-415281", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-25314", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168036", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168352", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415281" }, { "db": "VULMON", "id": "CVE-2022-25314" }, { "db": "PACKETSTORM", "id": "166254" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "PACKETSTORM", "id": "168265" }, { "db": "PACKETSTORM", "id": "168351" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "168352" }, { "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "db": "NVD", "id": "CVE-2022-25314" } ] }, "id": "VAR-202202-0101", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-415281" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:39:22.998000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Expat Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=183671" }, { "title": "Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5320-1" }, { "title": "Red Hat: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-25314" }, { "title": "Debian Security Advisories: DSA-5085-1 expat -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b32ad21c953fb4340d1a4cbd3394eb98" }, { "title": "Red Hat: Important: mingw-expat security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227811 - security advisory" }, { "title": "Red Hat: Moderate: ACS 3.71 enhancement and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225704 - security advisory" }, { "title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225908 - security advisory" }, { "title": "Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225556 - security advisory" }, { "title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225909 - security advisory" }, { "title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226024 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226290 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227143 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227144 - security advisory" }, { "title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225673 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225531 - security advisory" }, { "title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226346 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226430 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226271 - security advisory" }, { "title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226696 - security advisory" }, { "title": "Red Hat: Important: Release of OpenShift Serverless 1.24.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226040 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226156 - security advisory" }, { "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225840 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225070 - security advisory" }, { "title": "Amazon Linux 2022: ALAS-2022-232", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-232" }, { "title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226526 - security advisory" }, { "title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226429 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225069 - security advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/akiraabe/myapp-container-jaxrs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-25314" }, { "db": "CNNVD", "id": "CNNVD-202202-1606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-415281" }, { "db": "NVD", "id": "CVE-2022-25314" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20220303-0008/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2022/dsa-5085" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202209-24" }, { "trust": 1.7, "url": "https://github.com/libexpat/libexpat/pull/560" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2022-25314" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072631" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031406" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2607" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-25314/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071342" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022411" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022051320" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0934" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3982" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3224" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3644" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3821" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070641" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072127" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5749" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb20220720108" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022022109" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167671/red-hat-security-advisory-2022-5244-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4460" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060122" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168351/red-hat-security-advisory-2022-6430-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031502" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022070538" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168054/red-hat-security-advisory-2022-6040-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3554" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3873" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/168265/red-hat-security-advisory-2022-6346-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4324" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166254/ubuntu-security-notice-usn-5320-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4568" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4601" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4744" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-25313" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2022-29824" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-40528" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2097" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-1292" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-1586" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2068" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-32206" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-32208" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2022-2526" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3634" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30629" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-30631" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2022-29154" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27774" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-4189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20095" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-38561" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27782" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3737" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-42771" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-21698" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22576" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-25219" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31566" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1729" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28493" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24675" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32148" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-30630" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1962" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1785" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1897" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1927" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.7" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5320-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.4" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1963903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28327" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5068" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1629" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24921" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29162" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23772" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1621" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18874" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23806" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23773" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" }, { "trust": 0.1, "url": "https://submariner.io/getting-started/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30633" }, { "trust": 0.1, "url": "https://submariner.io/." }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-26691" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21123" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-32250" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21166" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21125" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1966" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1012" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0691" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28500" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0686" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0639" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6429" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1650" } ], "sources": [ { "db": "VULHUB", "id": "VHN-415281" }, { "db": "PACKETSTORM", "id": "166254" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "PACKETSTORM", "id": "168265" }, { "db": "PACKETSTORM", "id": "168351" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "168352" }, { "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "db": "NVD", "id": "CVE-2022-25314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-415281" }, { "db": "VULMON", "id": "CVE-2022-25314" }, { "db": "PACKETSTORM", "id": "166254" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "PACKETSTORM", "id": "168265" }, { "db": "PACKETSTORM", "id": "168351" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "168352" }, { "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "db": "NVD", "id": "CVE-2022-25314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-18T00:00:00", "db": "VULHUB", "id": "VHN-415281" }, { "date": "2022-02-18T00:00:00", "db": "VULMON", "id": "CVE-2022-25314" }, { "date": "2022-03-10T17:14:11", "db": "PACKETSTORM", "id": "166254" }, { "date": "2022-08-10T15:54:58", "db": "PACKETSTORM", "id": "168036" }, { "date": "2022-09-07T16:37:33", "db": "PACKETSTORM", "id": "168265" }, { "date": "2022-09-13T15:41:58", "db": "PACKETSTORM", "id": "168351" }, { "date": "2022-09-01T16:30:25", "db": "PACKETSTORM", "id": "168213" }, { "date": "2022-09-13T15:42:14", "db": "PACKETSTORM", "id": "168352" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "date": "2022-02-18T05:15:08.187000", "db": "NVD", "id": "CVE-2022-25314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-05T00:00:00", "db": "VULHUB", "id": "VHN-415281" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2022-25314" }, { "date": "2022-11-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202202-1606" }, { "date": "2023-11-07T03:44:45.757000", "db": "NVD", "id": "CVE-2022-25314" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1606" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Expat Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1606" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202202-1606" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.