var-202206-1961
Vulnerability from variot

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6159-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: HTTP compression denial of service (CVE-2022-32206)

  • curl: FTP-KRB bad message verification (CVE-2022-32208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

  1. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: curl-7.61.1-22.el8_6.4.src.rpm

aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm

ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm

s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm

x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+ YgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg EiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB dQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN blR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau 5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k nJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+ XPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd VaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas ML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw owX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF bBkTeh+fqsg=powM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:

OpenShift sandboxed containers 1.3.1 is now available. Description:

OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime.

Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Bugs fixed (https://bugzilla.redhat.com/):

2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor

  1. JIRA issues fixed (https://issues.jboss.org/):

KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1] KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1] KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]

  1. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)

Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3

Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3

Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12

Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19

In general, a standard system update will make all the necessary changes. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Security fixes:

  • moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
  • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

  • Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)

  • OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)

  • subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)

  • Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)

  • Submariner addon status doesn't track all deployment failures (BZ# 2090311)

  • Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)

  • After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)

  • Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)

  • Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)

  • Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)

  • managed cluster is in "unknown" state for 120 mins after OADP restore

  • RHACM 2.5.2 images (BZ# 2104553)

  • Subscription UI does not allow binding to label with empty value (BZ# 2104961)

  • Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)

  • Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)

  • cluster uninstall log points to incorrect container name (BZ# 2107359)

  • ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)

  • Single node checkbox not visible for 4.11 images (BZ# 2109134)

  • Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)

  • Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)

  • After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)

  • pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)

  • ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)

  • Solution:

For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions about installing this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

  1. Bugs fixed (https://bugzilla.redhat.com/):

2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

  1. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

  1. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

Security Fix(es):

  • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

  • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

  • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

  • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

  • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

  • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

  • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

  • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

  • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

  • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

  • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

  • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

  • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

  • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHEL-8-CNV-4.12

============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

  1. Bugs fixed (https://bugzilla.redhat.com/):

1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1961",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "universal forwarder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.1.0"
      },
      {
        "model": "clustered data ontap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.0"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.0"
      },
      {
        "model": "universal forwarder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.0"
      },
      {
        "model": "bootstrap os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "9.0.6"
      },
      {
        "model": "h300s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "curl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.16.4"
      },
      {
        "model": "h410s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "curl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "haxx",
        "version": "7.84.0"
      },
      {
        "model": "element software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "h500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "universal forwarder",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "splunk",
        "version": "8.2.12"
      },
      {
        "model": "h700s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.84.0",
                "versionStartIncluding": "7.16.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.6",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.12",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-32208",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-424135",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-32208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-424135",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6159-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6159\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+\nYgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg\nEiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB\ndQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN\nblR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau\n5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k\nnJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+\nXPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd\nVaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas\nML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw\nowX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF\nbBkTeh+fqsg=powM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. \n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. Bugs fixed (https://bugzilla.redhat.com/):\n\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nKATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]\nKATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]\nKATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator\nKATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]\n\n6. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  curl                            7.81.0-1ubuntu1.3\n  libcurl3-gnutls                 7.81.0-1ubuntu1.3\n  libcurl3-nss                    7.81.0-1ubuntu1.3\n  libcurl4                        7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n  curl                            7.74.0-1.3ubuntu2.3\n  libcurl3-gnutls                 7.74.0-1.3ubuntu2.3\n  libcurl3-nss                    7.74.0-1.3ubuntu2.3\n  libcurl4                        7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.12\n  libcurl3-gnutls                 7.68.0-1ubuntu2.12\n  libcurl3-nss                    7.68.0-1ubuntu2.12\n  libcurl4                        7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.19\n  libcurl3-gnutls                 7.58.0-2ubuntu3.19\n  libcurl3-nss                    7.58.0-2ubuntu3.19\n  libcurl4                        7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions about installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "db": "PACKETSTORM",
        "id": "167661"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-32208",
        "trust": 1.9
      },
      {
        "db": "HACKERONE",
        "id": "1590071",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167661",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168289",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168503",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167607",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168378",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168158",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168174",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168347",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168301",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-424135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169443",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "170741",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "db": "PACKETSTORM",
        "id": "167661"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "id": "VAR-202206-1961",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:33:18.254000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht213488"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2022/dsa-5197"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/28"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2022/oct/41"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202212-01"
      },
      {
        "trust": 1.1,
        "url": "https://hackerone.com/reports/1590071"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.6,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2022-32208"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1897"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-29154"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2097"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1927"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1785"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-1292"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-2068"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-34903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-0391"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-20107"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-30631"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-40674"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-30632"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-2526"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
      },
      {
        "trust": 0.2,
        "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6159"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7058"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2832"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5499-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5495-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6507"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-36067"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-31129"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6182"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:6560"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:0408"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30629"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27406"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30293"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23772"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28131"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-29526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30633"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-42898"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22629"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23773"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24795"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1962"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30635"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-2509"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44716"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26700"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-26710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-27404"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-30699"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-25310"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-32148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1798"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-22628"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0934"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-0308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-37434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-44717"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3515"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "db": "PACKETSTORM",
        "id": "167661"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "db": "PACKETSTORM",
        "id": "167661"
      },
      {
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "date": "2022-08-25T15:25:12",
        "db": "PACKETSTORM",
        "id": "168158"
      },
      {
        "date": "2022-10-20T14:21:57",
        "db": "PACKETSTORM",
        "id": "169443"
      },
      {
        "date": "2022-07-01T14:59:23",
        "db": "PACKETSTORM",
        "id": "167661"
      },
      {
        "date": "2022-06-28T15:26:16",
        "db": "PACKETSTORM",
        "id": "167607"
      },
      {
        "date": "2022-09-14T15:08:07",
        "db": "PACKETSTORM",
        "id": "168378"
      },
      {
        "date": "2022-09-07T17:09:04",
        "db": "PACKETSTORM",
        "id": "168289"
      },
      {
        "date": "2022-09-26T15:37:32",
        "db": "PACKETSTORM",
        "id": "168503"
      },
      {
        "date": "2023-01-26T15:29:09",
        "db": "PACKETSTORM",
        "id": "170741"
      },
      {
        "date": "2022-07-07T13:15:08.467000",
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-424135"
      },
      {
        "date": "2024-03-27T15:00:41.657000",
        "db": "NVD",
        "id": "CVE-2022-32208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167661"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2022-6159-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168158"
      }
    ],
    "trust": 0.1
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.