All the vulnerabilites related to Fedora - Extra Packages for Enterprise Linux
cve-2023-34318
Vulnerability from cvelistv5
Published
2023-07-10 17:16
Modified
2024-10-01 16:13
Severity ?
EPSS score ?
Summary
Heap-buffer-overflow in src/hcom.c
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-34318 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212283 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34318"
},
{
"name": "RHBZ#2212283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212283"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:11:54.468770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:13:25.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T17:16:59.692Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34318"
},
{
"name": "RHBZ#2212283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212283"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Heap-buffer-overflow in src/hcom.c",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-34318",
"datePublished": "2023-07-10T17:16:59.692Z",
"dateReserved": "2023-06-06T07:28:27.555Z",
"dateUpdated": "2024-10-01T16:13:25.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4135
Vulnerability from cvelistv5
Published
2023-08-04 13:19
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Out-of-bounds read information disclosure vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4135 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0012/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu-kvm",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue."
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:32:54.867Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Out-of-bounds read information disclosure vulnerability",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4135",
"datePublished": "2023-08-04T13:19:15.760Z",
"dateReserved": "2023-08-03T09:52:00.316Z",
"dateUpdated": "2024-08-02T07:17:11.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38253
Vulnerability from cvelistv5
Published
2023-07-14 17:07
Modified
2025-02-13 17:01
Severity ?
EPSS score ?
Summary
W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:11.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38253"
},
{
"name": "RHBZ#2222779",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222779"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/issues/271"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "w3m",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "w3m",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T02:06:16.683Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38253"
},
{
"name": "RHBZ#2222779",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222779"
},
{
"url": "https://github.com/tats/w3m/issues/271"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "Made public."
}
],
"title": "W3m: out of bounds read in growbuf_to_str() at w3m/indep.c",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38253",
"datePublished": "2023-07-14T17:07:01.468Z",
"dateReserved": "2023-07-13T16:29:56.475Z",
"dateUpdated": "2025-02-13T17:01:49.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34432
Vulnerability from cvelistv5
Published
2023-07-10 20:05
Modified
2024-10-01 16:24
Severity ?
EPSS score ?
Summary
Heap-buffer-overflow in src/formats_i.c
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-34432 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212291 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34432"
},
{
"name": "RHBZ#2212291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:23:54.315286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:24:35.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:05:39.681Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34432"
},
{
"name": "RHBZ#2212291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212291"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Heap-buffer-overflow in src/formats_i.c",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-34432",
"datePublished": "2023-07-10T20:05:39.681Z",
"dateReserved": "2023-06-06T07:28:27.561Z",
"dateUpdated": "2024-10-01T16:24:35.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26590
Vulnerability from cvelistv5
Published
2023-07-10 17:14
Modified
2024-10-01 15:55
Severity ?
EPSS score ?
Summary
Floating point exception in src/aiff.c
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-26590 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212279 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-26590"
},
{
"name": "RHBZ#2212279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212279"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:55:18.995799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:55:31.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1077",
"description": "Floating Point Comparison with Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T17:14:14.297Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-26590"
},
{
"name": "RHBZ#2212279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212279"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Floating point exception in src/aiff.c",
"x_redhatCweChain": "CWE-1077: Floating Point Comparison with Incorrect Operator"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-26590",
"datePublished": "2023-07-10T17:14:14.297Z",
"dateReserved": "2023-06-06T07:28:27.543Z",
"dateUpdated": "2024-10-01T15:55:31.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4256
Vulnerability from cvelistv5
Published
2023-12-21 16:03
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/appneta/tcpreplay/issues/813"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "tcpreplay",
"vendor": "n/a"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tcpreplay",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tcpreplay",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank iskindar97@gmail.com for reporting this issue."
}
],
"datePublic": "2023-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Within tcpreplay\u0027s tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-24T02:06:07.371Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2255212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212"
},
{
"url": "https://github.com/appneta/tcpreplay/issues/813"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c",
"x_redhatCweChain": "CWE-415: Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4256",
"datePublished": "2023-12-21T16:03:21.837Z",
"dateReserved": "2023-08-08T20:17:30.643Z",
"dateUpdated": "2025-02-13T17:09:26.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3430
Vulnerability from cvelistv5
Published
2023-12-18 13:40
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2218380 | issue-tracking, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | OpenImageIO | |
| Fedora | Extra Packages for Enterprise Linux | |
| Fedora | Fedora |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2218380",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenImageIO",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.4.12.0"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "OpenImageIO",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "OpenImageIO",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T13:40:05.145Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2218380",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3430",
"datePublished": "2023-12-18T13:40:05.145Z",
"dateReserved": "2023-06-27T13:55:43.943Z",
"dateUpdated": "2024-08-02T06:55:03.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32665
Vulnerability from cvelistv5
Published
2023-09-14 19:03
Modified
2025-02-13 16:54
Severity ?
EPSS score ?
Summary
Gvariant deserialisation does not match spec for non-normal data
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T17:04:41.563399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:16:35.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:01.299Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant deserialisation does not match spec for non-normal data",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32665",
"datePublished": "2023-09-14T19:03:58.229Z",
"dateReserved": "2023-05-30T11:48:42.074Z",
"dateUpdated": "2025-02-13T16:54:55.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32611
Vulnerability from cvelistv5
Published
2023-09-14 19:07
Modified
2025-02-13 16:54
Severity ?
EPSS score ?
Summary
G_variant_byteswap() can take a long time with some non-normal inputs
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:18.108Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32611"
},
{
"name": "RHBZ#2211829",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211829"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2797"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0005/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "G_variant_byteswap() can take a long time with some non-normal inputs",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32611",
"datePublished": "2023-09-14T19:07:19.011Z",
"dateReserved": "2023-05-30T11:48:42.101Z",
"dateUpdated": "2025-02-13T16:54:50.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6395
Vulnerability from cvelistv5
Published
2024-01-16 14:33
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
Mock: privilege escalation for users that can access mock configuration
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6395"
},
{
"name": "RHBZ#2252206",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252206"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:10:59.775490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:12:04.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "mock",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "mock",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mock",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mock",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sankin Nikita Alexeevich for reporting this issue."
}
],
"datePublic": "2024-01-16T13:52:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T02:06:16.059Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6395"
},
{
"name": "RHBZ#2252206",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252206"
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933"
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-30T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-16T13:52:00+00:00",
"value": "Made public."
}
],
"title": "Mock: privilege escalation for users that can access mock configuration",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6395",
"datePublished": "2024-01-16T14:33:02.308Z",
"dateReserved": "2023-11-30T05:34:50.920Z",
"dateUpdated": "2025-02-13T17:26:22.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4255
Vulnerability from cvelistv5
Published
2023-12-21 16:08
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255207",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/issues/268"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/pull/273"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "w3m",
"vendor": "n/a"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank iskindar97@gmail.com for reporting this issue."
}
],
"datePublic": "2023-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T02:06:14.580Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2255207",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207"
},
{
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3"
},
{
"url": "https://github.com/tats/w3m/issues/268"
},
{
"url": "https://github.com/tats/w3m/pull/273"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)",
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4255",
"datePublished": "2023-12-21T16:08:39.691Z",
"dateReserved": "2023-08-08T20:16:01.838Z",
"dateUpdated": "2025-02-13T17:09:26.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4132
Vulnerability from cvelistv5
Published
2023-10-04 11:26
Modified
2024-09-19 14:41
Severity ?
EPSS score ?
Summary
Memory leak on tls connections
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-4132 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2147372 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4132"
},
{
"name": "RHBZ#2147372",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:41:27.673796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:41:40.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jss",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "5.5.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "tomcatjss",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "tomcat",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pki-deps:10.6/pki-servlet-engine",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "pki-servlet-engine",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:3"
],
"defaultStatus": "unknown",
"packageName": "tomcat7",
"product": "Red Hat JBoss Web Server 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:3"
],
"defaultStatus": "unknown",
"packageName": "tomcat8",
"product": "Red Hat JBoss Web Server 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:5"
],
"defaultStatus": "unaffected",
"packageName": "jws5-tomcat",
"product": "Red Hat JBoss Web Server 5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "jss",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "jss",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "tomcat",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tomcat",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2022-11-23T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T11:26:11.191Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4132"
},
{
"name": "RHBZ#2147372",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-11-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-11-23T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Memory leak on tls connections",
"x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4132",
"datePublished": "2023-10-04T11:26:11.191Z",
"dateReserved": "2022-11-23T20:20:38.318Z",
"dateUpdated": "2024-09-19T14:41:40.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32627
Vulnerability from cvelistv5
Published
2023-07-10 17:15
Modified
2025-02-13 16:54
Severity ?
EPSS score ?
Summary
Floating point exception in src/voc.c
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32627 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212282 | issue-tracking, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32627"
},
{
"name": "RHBZ#2212282",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212282"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:07:31.411107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:08:12.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1077",
"description": "Floating Point Comparison with Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-13T18:06:09.708Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32627"
},
{
"name": "RHBZ#2212282",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212282"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Floating point exception in src/voc.c",
"x_redhatCweChain": "CWE-1077: Floating Point Comparison with Incorrect Operator"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32627",
"datePublished": "2023-07-10T17:15:42.063Z",
"dateReserved": "2023-06-06T07:28:27.550Z",
"dateUpdated": "2025-02-13T16:54:52.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4435
Vulnerability from cvelistv5
Published
2024-02-04 19:16
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Yarn: untrusted search path
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-4435 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262284 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 | ||
| https://github.com/yarnpkg/yarn/releases/tag/v1.22.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yarn",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.22.13"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Gerste (Sonar) for reporting this issue."
}
],
"datePublic": "2021-09-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T19:16:35.651Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2021-09-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Yarn: untrusted search path",
"x_redhatCweChain": "CWE-426: Untrusted Search Path"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2021-4435",
"datePublished": "2024-02-04T19:16:35.651Z",
"dateReserved": "2024-02-01T14:23:02.896Z",
"dateUpdated": "2024-08-03T17:30:07.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3301
Vulnerability from cvelistv5
Published
2023-09-13 16:09
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
Triggerable assertion due to race condition in hot-unplug
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3301 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215784 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231020-0008/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:39:47.385450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:39:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0-rc0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."
}
],
"datePublic": "2023-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T14:06:34.548Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Triggerable assertion due to race condition in hot-unplug",
"x_redhatCweChain": "CWE-362-\u003eCWE-617: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3301",
"datePublished": "2023-09-13T16:09:36.861Z",
"dateReserved": "2023-06-17T16:48:21.977Z",
"dateUpdated": "2025-02-13T16:55:04.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29499
Vulnerability from cvelistv5
Published
2023-09-14 19:06
Modified
2025-02-13 16:49
Severity ?
EPSS score ?
Summary
Gvariant offset table entry size is not checked in is_normal()
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T14:06:16.355Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-29499"
},
{
"name": "RHBZ#2211828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0001/"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant offset table entry size is not checked in is_normal()",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-29499",
"datePublished": "2023-09-14T19:06:17.810Z",
"dateReserved": "2023-05-30T11:48:42.094Z",
"dateUpdated": "2025-02-13T16:49:21.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1386
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-09-25 19:57
Severity ?
EPSS score ?
Summary
Qemu: 9pfs: suid/sgid bits not dropped on file write
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1386 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2223985 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-ppj8-867g-rgjr | ||
| https://github.com/v9fs/linux/issues/29 | ||
| https://security.netapp.com/advisory/ntap-20230831-0005/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:57:40.931519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:57:50.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-03-07T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T17:34:27.317Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-01T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: 9pfs: suid/sgid bits not dropped on file write",
"x_redhatCweChain": "CWE-281: Improper Preservation of Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1386",
"datePublished": "2023-07-24T15:19:25.843Z",
"dateReserved": "2023-03-14T10:31:59.556Z",
"dateUpdated": "2024-09-25T19:57:50.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3354
Vulnerability from cvelistv5
Published
2023-07-11 16:16
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3354 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2216478 | issue-tracking, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ | ||
| https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:00.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."
}
],
"datePublic": "2023-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T18:05:59.059Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-21T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-28T00:00:00Z",
"value": "Made public."
}
],
"title": "Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3354",
"datePublished": "2023-07-11T16:16:56.294Z",
"dateReserved": "2023-06-21T12:33:29.897Z",
"dateUpdated": "2025-02-13T16:55:08.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3296
Vulnerability from cvelistv5
Published
2024-04-04 13:47
Modified
2025-02-07 03:15
Severity ?
EPSS score ?
Summary
Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-3296 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2269723 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:28:08.090330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:25.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3296"
},
{
"name": "RHBZ#2269723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/sfackler/rust-openssl/",
"defaultStatus": "unaffected",
"packageName": "rust-openssl",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "389-ds:1.4/389-ds-base",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "python3.12-cryptography",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "keylime-agent-rust",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "python3.12-cryptography",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T03:15:33.850Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3296"
},
{
"name": "RHBZ#2269723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269723"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-03-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-208-\u003eCWE-203: Observable Timing Discrepancy leads to Observable Discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-3296",
"datePublished": "2024-04-04T13:47:24.183Z",
"dateReserved": "2024-04-04T03:01:36.169Z",
"dateUpdated": "2025-02-07T03:15:33.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2680
Vulnerability from cvelistv5
Published
2023-09-13 16:50
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
Dma reentrancy issue (incomplete fix for cve-2021-3750)
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2680 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231116-0001/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T15:07:43.093Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Dma reentrancy issue (incomplete fix for cve-2021-3750)",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2680",
"datePublished": "2023-09-13T16:50:53.532Z",
"dateReserved": "2023-05-12T09:57:43.190Z",
"dateUpdated": "2025-02-13T16:44:57.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3180
Vulnerability from cvelistv5
Published
2023-08-03 14:31
Modified
2024-09-25 19:56
Severity ?
EPSS score ?
Summary
Heap buffer overflow in virtio_crypto_sym_op_helper()
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:56:22.741782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:56:37.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:29:25.701Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Heap buffer overflow in virtio_crypto_sym_op_helper()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3180",
"datePublished": "2023-08-03T14:31:36.083Z",
"dateReserved": "2023-06-09T08:30:43.335Z",
"dateUpdated": "2024-09-25T19:56:37.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202109-1966
Vulnerability from variot
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python Software Foundation of Python Products from other vendors have resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be in a state. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: python3.5 For Ubuntu 16.04 ESM. ========================================================================== Ubuntu Security Notice USN-5200-1 December 17, 2021
python3.7, python3.8 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash if it receives specially crafted input from a malicious server. (CVE-2020-8492)
It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. (CVE-2021-3737)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2 libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2 python3.7 3.7.5-2ubuntu1~18.04.2 python3.7-minimal 3.7.5-2ubuntu1~18.04.2 python3.8 3.8.0-3ubuntu1~18.04.2 python3.8-minimal 3.8.0-3ubuntu1~18.04.2
In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports
- Summary:
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: python3 security update Advisory ID: RHSA-2021:4057-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4057 Issue date: 2021-11-02 CVE Names: CVE-2021-3733 =====================================================================
- Summary:
An update for python3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: platform-python-debug-3.6.8-39.el8_4.aarch64.rpm platform-python-devel-3.6.8-39.el8_4.aarch64.rpm python3-debuginfo-3.6.8-39.el8_4.aarch64.rpm python3-debugsource-3.6.8-39.el8_4.aarch64.rpm python3-idle-3.6.8-39.el8_4.aarch64.rpm python3-tkinter-3.6.8-39.el8_4.aarch64.rpm
ppc64le: platform-python-debug-3.6.8-39.el8_4.ppc64le.rpm platform-python-devel-3.6.8-39.el8_4.ppc64le.rpm python3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm python3-debugsource-3.6.8-39.el8_4.ppc64le.rpm python3-idle-3.6.8-39.el8_4.ppc64le.rpm python3-tkinter-3.6.8-39.el8_4.ppc64le.rpm
s390x: platform-python-debug-3.6.8-39.el8_4.s390x.rpm platform-python-devel-3.6.8-39.el8_4.s390x.rpm python3-debuginfo-3.6.8-39.el8_4.s390x.rpm python3-debugsource-3.6.8-39.el8_4.s390x.rpm python3-idle-3.6.8-39.el8_4.s390x.rpm python3-tkinter-3.6.8-39.el8_4.s390x.rpm
x86_64: platform-python-3.6.8-39.el8_4.i686.rpm platform-python-debug-3.6.8-39.el8_4.i686.rpm platform-python-debug-3.6.8-39.el8_4.x86_64.rpm platform-python-devel-3.6.8-39.el8_4.i686.rpm platform-python-devel-3.6.8-39.el8_4.x86_64.rpm python3-debuginfo-3.6.8-39.el8_4.i686.rpm python3-debuginfo-3.6.8-39.el8_4.x86_64.rpm python3-debugsource-3.6.8-39.el8_4.i686.rpm python3-debugsource-3.6.8-39.el8_4.x86_64.rpm python3-idle-3.6.8-39.el8_4.i686.rpm python3-idle-3.6.8-39.el8_4.x86_64.rpm python3-test-3.6.8-39.el8_4.i686.rpm python3-tkinter-3.6.8-39.el8_4.i686.rpm python3-tkinter-3.6.8-39.el8_4.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: python3-3.6.8-39.el8_4.src.rpm
aarch64: platform-python-3.6.8-39.el8_4.aarch64.rpm python3-debuginfo-3.6.8-39.el8_4.aarch64.rpm python3-debugsource-3.6.8-39.el8_4.aarch64.rpm python3-libs-3.6.8-39.el8_4.aarch64.rpm python3-test-3.6.8-39.el8_4.aarch64.rpm
ppc64le: platform-python-3.6.8-39.el8_4.ppc64le.rpm python3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm python3-debugsource-3.6.8-39.el8_4.ppc64le.rpm python3-libs-3.6.8-39.el8_4.ppc64le.rpm python3-test-3.6.8-39.el8_4.ppc64le.rpm
s390x: platform-python-3.6.8-39.el8_4.s390x.rpm python3-debuginfo-3.6.8-39.el8_4.s390x.rpm python3-debugsource-3.6.8-39.el8_4.s390x.rpm python3-libs-3.6.8-39.el8_4.s390x.rpm python3-test-3.6.8-39.el8_4.s390x.rpm
x86_64: platform-python-3.6.8-39.el8_4.x86_64.rpm python3-debuginfo-3.6.8-39.el8_4.i686.rpm python3-debuginfo-3.6.8-39.el8_4.x86_64.rpm python3-debugsource-3.6.8-39.el8_4.i686.rpm python3-debugsource-3.6.8-39.el8_4.x86_64.rpm python3-libs-3.6.8-39.el8_4.i686.rpm python3-libs-3.6.8-39.el8_4.x86_64.rpm python3-test-3.6.8-39.el8_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYD6u9zjgjWX9erEAQgCbg//S3byb5BXGosk0v+LDiREjmiOkmk9QpLJ 8SCgT7ap9IRI6rghoGv7bsLpRyydrd8KR0pIDCQOJngEGZfJEUiwk6QhdFs0JHqG aHb1JJCBGTyQ9b0jhrKlJKCvJJk9oscRhkVn2AYm9r4fAnwzSqLaTd+8/PxJrKi+ 7M6I3xh3MYVj5j8Y56GCXYbuAxQqNRPUunzLC8tr79zuVt1iH5qAbff/Dmtkpl4A zDDMp42s7UN1H+Y4pRo9b7MqJLpa1GjuZWsVr53QZu4al7Cbw+iAlz4R2P3pQVKv uHCkl7pWi+v22po5C55+djkPPzzu0NiVJ9CLI/gtI4lx7dJ6uKqNaPvetzuaKaR5 9HEFIRat1V/jD/boAa4gUscosId8h8Arm8UDLaIoJ5IqdNYrRb+AtXpBN2Clg0S2 z9KLbG7jNFAH4sqmIsYz2t+O8pQteMzQdbhoSx8KdaQgIqjUBd+dBXE3P0kndc0g 1No7qsDjavlD31uvXC6K+RO0bESW7kZbcscseO5xiiMNBCbWjKVjKo5DavNxmrTf W4DkMsSzmijKqBsoBgxizFiCF82NH+UXIY/PSNJ4h8KKwi377FRwVvjg8JC5TBPG Wpg6oNbHBTrWEmdlOcL6C13gjIDVtU3lWVomlGYkb7/t4KtjiorJuzuolcqpkRVp YfBN+OdHhpA= =MOG7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes security and bug fixes and enhancements. Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2016256 - Release of OpenShift Serverless Eventing 1.19.0 2016258 - Release of OpenShift Serverless Serving 1.19.0
-
7) - noarch, x86_64
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1966",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.7.11"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.8.0"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.6.14"
},
{
"model": "codeready linux builder",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "extra packages for enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "7.0"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "management services for element software and netapp hci",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "codeready linux builder for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "python",
"scope": "eq",
"trust": 1.0,
"vendor": "python",
"version": "3.10.0"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.9.5"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.9.0"
},
{
"model": "python",
"scope": "gte",
"trust": 1.0,
"vendor": "python",
"version": "3.7.0"
},
{
"model": "python",
"scope": "lt",
"trust": 1.0,
"vendor": "python",
"version": "3.8.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "codeready linux builder for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "red hat enterprise linux for ibm z systems",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "red hat enterprise linux for power, little endian - update services for sap solutions",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux server aus",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux for ibm z systems - extended update support",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "solidfire enterprise sds \u0026 hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "red hat enterprise linux server tus",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "python",
"scope": null,
"trust": 0.8,
"vendor": "python",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "red hat enterprise linux for power, little endian - extended update support",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux eus",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux server update services for sap solutions",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "management software for element software and netapp hci",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "codeready linux builder for power little endian",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "codeready linux builder for ibm z systems",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "codeready linux builder",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "extra packages for enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "red hat enterprise linux for power, little endian",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164741"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "166913"
},
{
"db": "PACKETSTORM",
"id": "167043"
}
],
"trust": 0.7
},
"cve": "CVE-2021-3733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-3733",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-397442",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-3733",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-3733",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3733",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-3733",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-397442",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python Software Foundation of Python Products from other vendors have resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be in a state. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: python3.5 For Ubuntu 16.04 ESM. ==========================================================================\nUbuntu Security Notice USN-5200-1\nDecember 17, 2021\n\npython3.7, python3.8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nPython could be made to crash if it receives specially crafted input \nfrom a malicious server. \n(CVE-2020-8492)\n\nIt was discovered that the urllib.request.AbstractBasicAuthHandler class\nin Python contains regex with a quadratic worst-case time complexity. \n(CVE-2021-3737)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2\n libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2\n python3.7 3.7.5-2ubuntu1~18.04.2\n python3.7-minimal 3.7.5-2ubuntu1~18.04.2\n python3.8 3.8.0-3ubuntu1~18.04.2\n python3.8-minimal 3.8.0-3ubuntu1~18.04.2\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1997017 - unprivileged client fails to get guest agent data\n1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import\n2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed\n2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion\n2007336 - 4.8.3 containers\n2007776 - Failed to Migrate Windows VM with CDROM (readonly)\n2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues\n2026881 - [4.8.3] vlan-filtering is getting applied on veth ports\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: python3 security update\nAdvisory ID: RHSA-2021:4057-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4057\nIssue date: 2021-11-02\nCVE Names: CVE-2021-3733 \n=====================================================================\n\n1. Summary:\n\nAn update for python3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to many\nsystem calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python: urllib: Regular expression DoS in AbstractBasicAuthHandler\n(CVE-2021-3733)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nplatform-python-debug-3.6.8-39.el8_4.aarch64.rpm\nplatform-python-devel-3.6.8-39.el8_4.aarch64.rpm\npython3-debuginfo-3.6.8-39.el8_4.aarch64.rpm\npython3-debugsource-3.6.8-39.el8_4.aarch64.rpm\npython3-idle-3.6.8-39.el8_4.aarch64.rpm\npython3-tkinter-3.6.8-39.el8_4.aarch64.rpm\n\nppc64le:\nplatform-python-debug-3.6.8-39.el8_4.ppc64le.rpm\nplatform-python-devel-3.6.8-39.el8_4.ppc64le.rpm\npython3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm\npython3-debugsource-3.6.8-39.el8_4.ppc64le.rpm\npython3-idle-3.6.8-39.el8_4.ppc64le.rpm\npython3-tkinter-3.6.8-39.el8_4.ppc64le.rpm\n\ns390x:\nplatform-python-debug-3.6.8-39.el8_4.s390x.rpm\nplatform-python-devel-3.6.8-39.el8_4.s390x.rpm\npython3-debuginfo-3.6.8-39.el8_4.s390x.rpm\npython3-debugsource-3.6.8-39.el8_4.s390x.rpm\npython3-idle-3.6.8-39.el8_4.s390x.rpm\npython3-tkinter-3.6.8-39.el8_4.s390x.rpm\n\nx86_64:\nplatform-python-3.6.8-39.el8_4.i686.rpm\nplatform-python-debug-3.6.8-39.el8_4.i686.rpm\nplatform-python-debug-3.6.8-39.el8_4.x86_64.rpm\nplatform-python-devel-3.6.8-39.el8_4.i686.rpm\nplatform-python-devel-3.6.8-39.el8_4.x86_64.rpm\npython3-debuginfo-3.6.8-39.el8_4.i686.rpm\npython3-debuginfo-3.6.8-39.el8_4.x86_64.rpm\npython3-debugsource-3.6.8-39.el8_4.i686.rpm\npython3-debugsource-3.6.8-39.el8_4.x86_64.rpm\npython3-idle-3.6.8-39.el8_4.i686.rpm\npython3-idle-3.6.8-39.el8_4.x86_64.rpm\npython3-test-3.6.8-39.el8_4.i686.rpm\npython3-tkinter-3.6.8-39.el8_4.i686.rpm\npython3-tkinter-3.6.8-39.el8_4.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\npython3-3.6.8-39.el8_4.src.rpm\n\naarch64:\nplatform-python-3.6.8-39.el8_4.aarch64.rpm\npython3-debuginfo-3.6.8-39.el8_4.aarch64.rpm\npython3-debugsource-3.6.8-39.el8_4.aarch64.rpm\npython3-libs-3.6.8-39.el8_4.aarch64.rpm\npython3-test-3.6.8-39.el8_4.aarch64.rpm\n\nppc64le:\nplatform-python-3.6.8-39.el8_4.ppc64le.rpm\npython3-debuginfo-3.6.8-39.el8_4.ppc64le.rpm\npython3-debugsource-3.6.8-39.el8_4.ppc64le.rpm\npython3-libs-3.6.8-39.el8_4.ppc64le.rpm\npython3-test-3.6.8-39.el8_4.ppc64le.rpm\n\ns390x:\nplatform-python-3.6.8-39.el8_4.s390x.rpm\npython3-debuginfo-3.6.8-39.el8_4.s390x.rpm\npython3-debugsource-3.6.8-39.el8_4.s390x.rpm\npython3-libs-3.6.8-39.el8_4.s390x.rpm\npython3-test-3.6.8-39.el8_4.s390x.rpm\n\nx86_64:\nplatform-python-3.6.8-39.el8_4.x86_64.rpm\npython3-debuginfo-3.6.8-39.el8_4.i686.rpm\npython3-debuginfo-3.6.8-39.el8_4.x86_64.rpm\npython3-debugsource-3.6.8-39.el8_4.i686.rpm\npython3-debugsource-3.6.8-39.el8_4.x86_64.rpm\npython3-libs-3.6.8-39.el8_4.i686.rpm\npython3-libs-3.6.8-39.el8_4.x86_64.rpm\npython3-test-3.6.8-39.el8_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYD6u9zjgjWX9erEAQgCbg//S3byb5BXGosk0v+LDiREjmiOkmk9QpLJ\n8SCgT7ap9IRI6rghoGv7bsLpRyydrd8KR0pIDCQOJngEGZfJEUiwk6QhdFs0JHqG\naHb1JJCBGTyQ9b0jhrKlJKCvJJk9oscRhkVn2AYm9r4fAnwzSqLaTd+8/PxJrKi+\n7M6I3xh3MYVj5j8Y56GCXYbuAxQqNRPUunzLC8tr79zuVt1iH5qAbff/Dmtkpl4A\nzDDMp42s7UN1H+Y4pRo9b7MqJLpa1GjuZWsVr53QZu4al7Cbw+iAlz4R2P3pQVKv\nuHCkl7pWi+v22po5C55+djkPPzzu0NiVJ9CLI/gtI4lx7dJ6uKqNaPvetzuaKaR5\n9HEFIRat1V/jD/boAa4gUscosId8h8Arm8UDLaIoJ5IqdNYrRb+AtXpBN2Clg0S2\nz9KLbG7jNFAH4sqmIsYz2t+O8pQteMzQdbhoSx8KdaQgIqjUBd+dBXE3P0kndc0g\n1No7qsDjavlD31uvXC6K+RO0bESW7kZbcscseO5xiiMNBCbWjKVjKo5DavNxmrTf\nW4DkMsSzmijKqBsoBgxizFiCF82NH+UXIY/PSNJ4h8KKwi377FRwVvjg8JC5TBPG\nWpg6oNbHBTrWEmdlOcL6C13gjIDVtU3lWVomlGYkb7/t4KtjiorJuzuolcqpkRVp\nYfBN+OdHhpA=\n=MOG7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \nThis version of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes\nsecurity and bug fixes and enhancements. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n2016256 - Release of OpenShift Serverless Eventing 1.19.0\n2016258 - Release of OpenShift Serverless Serving 1.19.0\n\n5. 7) - noarch, x86_64\n\n3. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. The python27 packages provide a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3733"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165361"
},
{
"db": "PACKETSTORM",
"id": "165363"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164741"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "166913"
},
{
"db": "PACKETSTORM",
"id": "167043"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3733",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165053",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167043",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165363",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164741",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165361",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164859",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164993",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1139",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-397442",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166913",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165361"
},
{
"db": "PACKETSTORM",
"id": "165363"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164741"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "166913"
},
{
"db": "PACKETSTORM",
"id": "167043"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"id": "VAR-202109-1966",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-397442"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:36:57.529000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"trust": 1.9,
"url": "https://bugs.python.org/issue43075"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"trust": 1.9,
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"trust": 1.9,
"url": "https://github.com/python/cpython/pull/24391"
},
{
"trust": 1.9,
"url": "https://ubuntu.com/security/cve-2021-3733"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5200-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5199-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43818"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165361"
},
{
"db": "PACKETSTORM",
"id": "165363"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164741"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "166913"
},
{
"db": "PACKETSTORM",
"id": "167043"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-397442"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165361"
},
{
"db": "PACKETSTORM",
"id": "165363"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "164741"
},
{
"db": "PACKETSTORM",
"id": "165053"
},
{
"db": "PACKETSTORM",
"id": "166913"
},
{
"db": "PACKETSTORM",
"id": "167043"
},
{
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-397442"
},
{
"date": "2023-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2021-12-17T19:23:35",
"db": "PACKETSTORM",
"id": "165361"
},
{
"date": "2021-12-17T19:23:51",
"db": "PACKETSTORM",
"id": "165363"
},
{
"date": "2021-12-03T16:41:45",
"db": "PACKETSTORM",
"id": "165135"
},
{
"date": "2021-11-30T14:44:48",
"db": "PACKETSTORM",
"id": "165099"
},
{
"date": "2021-11-02T15:33:39",
"db": "PACKETSTORM",
"id": "164741"
},
{
"date": "2021-11-23T17:10:05",
"db": "PACKETSTORM",
"id": "165053"
},
{
"date": "2022-05-02T15:26:53",
"db": "PACKETSTORM",
"id": "166913"
},
{
"date": "2022-05-11T15:59:26",
"db": "PACKETSTORM",
"id": "167043"
},
{
"date": "2022-03-10T17:42:59.623000",
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-397442"
},
{
"date": "2023-07-05T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-018724"
},
{
"date": "2023-06-30T23:15:09.690000",
"db": "NVD",
"id": "CVE-2021-3733"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Python\u00a0Software\u00a0Foundation\u00a0 of \u00a0Python\u00a0 Vulnerability related to resource exhaustion in products of multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165099"
}
],
"trust": 0.1
}
}
var-202205-1370
Vulnerability from variot
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5568-1 August 15, 2022
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.6-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.
We recommend that you upgrade your chromium packages.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom)
Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-35
https://security.gentoo.org/
Severity: High Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #858104, #859442, #863512, #865501, #864723 ID: 202208-35
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 104.0.5112.101 >= 104.0.5112.101 2 www-client/chromium-bin < 104.0.5112.101 >= 104.0.5112.101 3 www-client/google-chrome < 104.0.5112.101 >= 104.0.5112.101 4 www-client/microsoft-edge < 104.0.1293.63 >= 104.0.1293.63
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
All Chromium binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
All Google Chrome users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
All Microsoft Edge users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
References
[ 1 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163 [ 2 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 3 ] CVE-2022-2295 https://nvd.nist.gov/vuln/detail/CVE-2022-2295 [ 4 ] CVE-2022-2296 https://nvd.nist.gov/vuln/detail/CVE-2022-2296 [ 5 ] CVE-2022-2477 https://nvd.nist.gov/vuln/detail/CVE-2022-2477 [ 6 ] CVE-2022-2478 https://nvd.nist.gov/vuln/detail/CVE-2022-2478 [ 7 ] CVE-2022-2479 https://nvd.nist.gov/vuln/detail/CVE-2022-2479 [ 8 ] CVE-2022-2480 https://nvd.nist.gov/vuln/detail/CVE-2022-2480 [ 9 ] CVE-2022-2481 https://nvd.nist.gov/vuln/detail/CVE-2022-2481 [ 10 ] CVE-2022-2603 https://nvd.nist.gov/vuln/detail/CVE-2022-2603 [ 11 ] CVE-2022-2604 https://nvd.nist.gov/vuln/detail/CVE-2022-2604 [ 12 ] CVE-2022-2605 https://nvd.nist.gov/vuln/detail/CVE-2022-2605 [ 13 ] CVE-2022-2606 https://nvd.nist.gov/vuln/detail/CVE-2022-2606 [ 14 ] CVE-2022-2607 https://nvd.nist.gov/vuln/detail/CVE-2022-2607 [ 15 ] CVE-2022-2608 https://nvd.nist.gov/vuln/detail/CVE-2022-2608 [ 16 ] CVE-2022-2609 https://nvd.nist.gov/vuln/detail/CVE-2022-2609 [ 17 ] CVE-2022-2610 https://nvd.nist.gov/vuln/detail/CVE-2022-2610 [ 18 ] CVE-2022-2611 https://nvd.nist.gov/vuln/detail/CVE-2022-2611 [ 19 ] CVE-2022-2612 https://nvd.nist.gov/vuln/detail/CVE-2022-2612 [ 20 ] CVE-2022-2613 https://nvd.nist.gov/vuln/detail/CVE-2022-2613 [ 21 ] CVE-2022-2614 https://nvd.nist.gov/vuln/detail/CVE-2022-2614 [ 22 ] CVE-2022-2615 https://nvd.nist.gov/vuln/detail/CVE-2022-2615 [ 23 ] CVE-2022-2616 https://nvd.nist.gov/vuln/detail/CVE-2022-2616 [ 24 ] CVE-2022-2617 https://nvd.nist.gov/vuln/detail/CVE-2022-2617 [ 25 ] CVE-2022-2618 https://nvd.nist.gov/vuln/detail/CVE-2022-2618 [ 26 ] CVE-2022-2619 https://nvd.nist.gov/vuln/detail/CVE-2022-2619 [ 27 ] CVE-2022-2620 https://nvd.nist.gov/vuln/detail/CVE-2022-2620 [ 28 ] CVE-2022-2621 https://nvd.nist.gov/vuln/detail/CVE-2022-2621 [ 29 ] CVE-2022-2622 https://nvd.nist.gov/vuln/detail/CVE-2022-2622 [ 30 ] CVE-2022-2623 https://nvd.nist.gov/vuln/detail/CVE-2022-2623 [ 31 ] CVE-2022-2624 https://nvd.nist.gov/vuln/detail/CVE-2022-2624 [ 32 ] CVE-2022-2852 https://nvd.nist.gov/vuln/detail/CVE-2022-2852 [ 33 ] CVE-2022-2853 https://nvd.nist.gov/vuln/detail/CVE-2022-2853 [ 34 ] CVE-2022-2854 https://nvd.nist.gov/vuln/detail/CVE-2022-2854 [ 35 ] CVE-2022-2855 https://nvd.nist.gov/vuln/detail/CVE-2022-2855 [ 36 ] CVE-2022-2856 https://nvd.nist.gov/vuln/detail/CVE-2022-2856 [ 37 ] CVE-2022-2857 https://nvd.nist.gov/vuln/detail/CVE-2022-2857 [ 38 ] CVE-2022-2858 https://nvd.nist.gov/vuln/detail/CVE-2022-2858 [ 39 ] CVE-2022-2859 https://nvd.nist.gov/vuln/detail/CVE-2022-2859 [ 40 ] CVE-2022-2860 https://nvd.nist.gov/vuln/detail/CVE-2022-2860 [ 41 ] CVE-2022-2861 https://nvd.nist.gov/vuln/detail/CVE-2022-2861 [ 42 ] CVE-2022-33636 https://nvd.nist.gov/vuln/detail/CVE-2022-33636 [ 43 ] CVE-2022-33649 https://nvd.nist.gov/vuln/detail/CVE-2022-33649 [ 44 ] CVE-2022-35796 https://nvd.nist.gov/vuln/detail/CVE-2022-35796
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-35
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
.
Background
QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "103.0.5060.114"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.36.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.36.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "webrtc",
"scope": "eq",
"trust": 1.0,
"vendor": "webrtc",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "extra packages for enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8.0"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webrtc",
"scope": null,
"trust": 0.8,
"vendor": "the webrtc",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "extra packages for enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "webkit",
"scope": null,
"trust": 0.8,
"vendor": "the wpe team",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "175908"
}
],
"trust": 0.3
},
"cve": "CVE-2022-2294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2294",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2294",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2294",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5568-1\nAugust 15, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript\nengines. If a user were tricked into viewing a malicious website, a remote\nattacker could exploit a variety of issues related to web browser security,\nincluding cross-site scripting attacks, denial of service attacks, and\narbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.36.6-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1. \n\nWe recommend that you upgrade your chromium packages. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-35\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #858104, #859442, #863512, #865501, #864723\n ID: 202208-35\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Chromium and its\nderivatives, the worst of which could result in remote code execution. \n\nBackground\n=========\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your\ndevices. \n\nMicrosoft Edge is a browser that combines a minimal design with\nsophisticated technology to make the web faster, safer, and easier. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/chromium \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 2 www-client/chromium-bin \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 3 www-client/google-chrome \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 4 www-client/microsoft-edge \u003c 104.0.1293.63 \u003e= 104.0.1293.63\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Chromium and its\nderivatives. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-104.0.5112.101\"\n\nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-bin-104.0.5112.101\"\n\nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/google-chrome-104.0.5112.101\"\n\nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/microsoft-edge-104.0.1293.63\"\n\nReferences\n=========\n[ 1 ] CVE-2022-2163\n https://nvd.nist.gov/vuln/detail/CVE-2022-2163\n[ 2 ] CVE-2022-2294\n https://nvd.nist.gov/vuln/detail/CVE-2022-2294\n[ 3 ] CVE-2022-2295\n https://nvd.nist.gov/vuln/detail/CVE-2022-2295\n[ 4 ] CVE-2022-2296\n https://nvd.nist.gov/vuln/detail/CVE-2022-2296\n[ 5 ] CVE-2022-2477\n https://nvd.nist.gov/vuln/detail/CVE-2022-2477\n[ 6 ] CVE-2022-2478\n https://nvd.nist.gov/vuln/detail/CVE-2022-2478\n[ 7 ] CVE-2022-2479\n https://nvd.nist.gov/vuln/detail/CVE-2022-2479\n[ 8 ] CVE-2022-2480\n https://nvd.nist.gov/vuln/detail/CVE-2022-2480\n[ 9 ] CVE-2022-2481\n https://nvd.nist.gov/vuln/detail/CVE-2022-2481\n[ 10 ] CVE-2022-2603\n https://nvd.nist.gov/vuln/detail/CVE-2022-2603\n[ 11 ] CVE-2022-2604\n https://nvd.nist.gov/vuln/detail/CVE-2022-2604\n[ 12 ] CVE-2022-2605\n https://nvd.nist.gov/vuln/detail/CVE-2022-2605\n[ 13 ] CVE-2022-2606\n https://nvd.nist.gov/vuln/detail/CVE-2022-2606\n[ 14 ] CVE-2022-2607\n https://nvd.nist.gov/vuln/detail/CVE-2022-2607\n[ 15 ] CVE-2022-2608\n https://nvd.nist.gov/vuln/detail/CVE-2022-2608\n[ 16 ] CVE-2022-2609\n https://nvd.nist.gov/vuln/detail/CVE-2022-2609\n[ 17 ] CVE-2022-2610\n https://nvd.nist.gov/vuln/detail/CVE-2022-2610\n[ 18 ] CVE-2022-2611\n https://nvd.nist.gov/vuln/detail/CVE-2022-2611\n[ 19 ] CVE-2022-2612\n https://nvd.nist.gov/vuln/detail/CVE-2022-2612\n[ 20 ] CVE-2022-2613\n https://nvd.nist.gov/vuln/detail/CVE-2022-2613\n[ 21 ] CVE-2022-2614\n https://nvd.nist.gov/vuln/detail/CVE-2022-2614\n[ 22 ] CVE-2022-2615\n https://nvd.nist.gov/vuln/detail/CVE-2022-2615\n[ 23 ] CVE-2022-2616\n https://nvd.nist.gov/vuln/detail/CVE-2022-2616\n[ 24 ] CVE-2022-2617\n https://nvd.nist.gov/vuln/detail/CVE-2022-2617\n[ 25 ] CVE-2022-2618\n https://nvd.nist.gov/vuln/detail/CVE-2022-2618\n[ 26 ] CVE-2022-2619\n https://nvd.nist.gov/vuln/detail/CVE-2022-2619\n[ 27 ] CVE-2022-2620\n https://nvd.nist.gov/vuln/detail/CVE-2022-2620\n[ 28 ] CVE-2022-2621\n https://nvd.nist.gov/vuln/detail/CVE-2022-2621\n[ 29 ] CVE-2022-2622\n https://nvd.nist.gov/vuln/detail/CVE-2022-2622\n[ 30 ] CVE-2022-2623\n https://nvd.nist.gov/vuln/detail/CVE-2022-2623\n[ 31 ] CVE-2022-2624\n https://nvd.nist.gov/vuln/detail/CVE-2022-2624\n[ 32 ] CVE-2022-2852\n https://nvd.nist.gov/vuln/detail/CVE-2022-2852\n[ 33 ] CVE-2022-2853\n https://nvd.nist.gov/vuln/detail/CVE-2022-2853\n[ 34 ] CVE-2022-2854\n https://nvd.nist.gov/vuln/detail/CVE-2022-2854\n[ 35 ] CVE-2022-2855\n https://nvd.nist.gov/vuln/detail/CVE-2022-2855\n[ 36 ] CVE-2022-2856\n https://nvd.nist.gov/vuln/detail/CVE-2022-2856\n[ 37 ] CVE-2022-2857\n https://nvd.nist.gov/vuln/detail/CVE-2022-2857\n[ 38 ] CVE-2022-2858\n https://nvd.nist.gov/vuln/detail/CVE-2022-2858\n[ 39 ] CVE-2022-2859\n https://nvd.nist.gov/vuln/detail/CVE-2022-2859\n[ 40 ] CVE-2022-2860\n https://nvd.nist.gov/vuln/detail/CVE-2022-2860\n[ 41 ] CVE-2022-2861\n https://nvd.nist.gov/vuln/detail/CVE-2022-2861\n[ 42 ] CVE-2022-33636\n https://nvd.nist.gov/vuln/detail/CVE-2022-33636\n[ 43 ] CVE-2022-33649\n https://nvd.nist.gov/vuln/detail/CVE-2022-33649\n[ 44 ] CVE-2022-35796\n https://nvd.nist.gov/vuln/detail/CVE-2022-35796\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-35\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nBackground\n=========\nQtWebEngine is a library for rendering dynamic web content in Qt5 and\nQt6 C++ and QML applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-427072",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2294",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/07/28/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "168126",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168089",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167792",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3553",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4061",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3389",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3254",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070442",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071215",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070614",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071824",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167786",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-49948",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-427072",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175908",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"id": "VAR-202205-1370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:23:53.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"title": "Google Chrome Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202541"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 1.7,
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"trust": 1.7,
"url": "https://crbug.com/1341043"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070442"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072104"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38727"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168126/gentoo-linux-security-advisory-202208-35.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213346"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit-buffer-overflow-via-webrtc-38874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4061"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167792/apple-security-advisory-2022-07-20-7.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168089/ubuntu-security-notice-usn-5568-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070614"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071824"
},
{
"trust": 0.6,
"url": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3254"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2294"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3553"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2294/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3389"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071215"
},
{
"trust": 0.3,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.3,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.3,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2296"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2295"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.6-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5568-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.6-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/chromium"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0008.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0003.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0007.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213346."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2605"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2620"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2941"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2933"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5484"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2938"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-427072"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"date": "2022-08-15T16:05:06",
"db": "PACKETSTORM",
"id": "168089"
},
{
"date": "2022-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "169355"
},
{
"date": "2022-09-01T16:33:44",
"db": "PACKETSTORM",
"id": "168226"
},
{
"date": "2022-07-22T16:22:17",
"db": "PACKETSTORM",
"id": "167786"
},
{
"date": "2022-08-22T16:02:18",
"db": "PACKETSTORM",
"id": "168126"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2023-11-25T17:01:13",
"db": "PACKETSTORM",
"id": "175908"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"date": "2022-07-28T02:15:07.797000",
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-427072"
},
{
"date": "2023-09-29T09:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"date": "2024-06-28T14:08:30.807000",
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google\u00a0Chrome\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.6
}
}