var-202202-0163
Vulnerability from variot
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Expat is a fast streaming XML parser written in C. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security update:
- nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
Bug fixes:
-
Can't install submariner add-ons from UI on unsupported cloud provider (BZ# 2087686)
-
policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub (BZ# 2088270)
-
RHACM 2.5.1 images (BZ# 2090802)
-
Broken link to Submariner manual install instructions (BZ# 2095333)
-
The backend service is unavailablewhen accessing ACM 2.5 Overview page (BZ# 2096389) -
64 character length causing clusters to unsubscribe (BZ# 2101453)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2087686 - Can't install submariner add-ons from UI on unsupported cloud provider
2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub
2090802 - RHACM 2.5.1 images
2095333 - Broken link to Submariner manual install instructions
2096389 - The backend service is unavailable when accessing ACM 2.5 Overview page
2101453 - 64 character length causing clusters to unsubscribe
-
Gentoo Linux Security Advisory GLSA 202209-24
https://security.gentoo.org/
Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24
Synopsis
Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.
Background
Expat is a set of XML parsing libraries.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.4.9 >= 2.4.9
Description
Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Expat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"
References
[ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update Advisory ID: RHSA-2022:6290-01 Product: OpenShift API for Data Protection Advisory URL: https://access.redhat.com/errata/RHSA-2022:6290 Issue date: 2022-09-01 CVE Names: CVE-2021-3634 CVE-2021-40528 CVE-2022-1271 CVE-2022-1292 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-24675 CVE-2022-25313 CVE-2022-25314 CVE-2022-26691 CVE-2022-28327 CVE-2022-29154 CVE-2022-29824 CVE-2022-30629 CVE-2022-30631 CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:
OpenShift API for Data Protection (OADP) 1.1.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- JIRA issues fixed (https://issues.jboss.org/):
OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig
OADP-154 - Ensure support for backing up resources based on different label selectors
OADP-194 - Remove the registry dependency from OADP
OADP-199 - Enable support for restore of existing resources
OADP-224 - Restore silently ignore resources if they exist - restore log not updated
OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated
OADP-234 - Implementation of incremental restore
OADP-324 - Add label to Expired backups failing garbage collection
OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases
OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone
OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete
OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot
OADP-528 - The volumesnapshotcontent is not removed for the synced backup
OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10
OADP-538 - typo on noDefaultBackupLocation error on DPA CR
OADP-552 - Validate OADP with 4.11 and Pod Security Admissions
OADP-558 - Empty Failed Backup CRs can't be removed
OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version
OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly
OADP-592 - OADP must-gather add support for insecure tls
OADP-597 - BSL validation logs
OADP-598 - Data mover performance on backup blocks backup process
OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl
OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled
OADP-602 - Support GCP for openshift-velero-plugin registry
OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied
OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone
OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace
OADP-613 - DataMover: upstream documentation refers wrong CRs
OADP-637 - Restic backup fails with CA certificate
OADP-643 - [Data Mover] VSB and VSR names are not unique
OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable
OADP-648 - Remove default limits for velero and restic pods
OADP-652 - Data mover VolSync pod errors with Noobaa
OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace
OADP-660 - Data mover restic secret does not support Azure
OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image
OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores/
- References:
https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxA0ftzjgjWX9erEAQgcZBAAhpl5yhUlRDVqai0DF0VUbpNENP0oqAEU nSI4eOGm66Y8d2Qtymae3HwiP8Fa+FIg+QLlQqJaLSPRpttv1kxmB7vL2fzcDyQ2 6VKUFLV9Lo9oSUqfAlvO8rbSWMvvickV3kTYC+HDgz5/Y3C2JKA1wlhn/5548Iq0 syHaj/sLw3lYK9AsQDrgN+FWFnNgUsqPmb5WmgQ3HoYP4Ksq1jpcnWAtqkNl7eT4 IeBAl1B8+I5l4eDj20HJyaGh5h37loCLW1NhcVeoqrwqnkWKVXcbXeYanEoRGCya Y38JtNmFlNLjQ69sWoyLonDqKdNQmnbhWRYzRjQF7nGAB+STG9uJ1e1e75T4IoD7 m0gMS30vjC9rqV455m8sOeDwNf+1rPAXmgC5QR1mEavd1LphlHkO56a+j4aPVPGV V/ItM94tAuFvdkL7ZPRMxNux0CMzkBtvEeh3wbUXWF1UKw6ew8yhLHoUevCI2paT ggXr3kbBV5yAKgT/+c6TRGYiI66pV1RjCOpE/tJYYpiNhq2dhxjpm0e9RRxLtoTK EazQq5tWEYDqNcY2LmXIAwgnIhygqy6HXVBI04rqdI4WKgHPtnp8vfSNaArfSCUP kC85ROZc6ZTBOPVWEBT34Y64lPO37jzXhuvvytOmOtUJbuWn4XFl9rRswRnv/yKU Rl4NtEV1XHs=zaXV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens notified CISA of these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
}
],
"trust": 0.6
},
"cve": "CVE-2022-25313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-25313",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415280",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-25313",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25313",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1613",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-415280",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-25313",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Expat is a fast streaming XML parser written in C. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.1 General\nAvailability release images, which fix security issues and bugs. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.1 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity update:\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\nBug fixes:\n\n* Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n(BZ# 2087686)\n\n* policy controller addons are Progressing status (unhealthy from backend)\non OCP3.11 in ARM hub (BZ# 2088270)\n\n* RHACM 2.5.1 images (BZ# 2090802)\n\n* Broken link to Submariner manual install instructions (BZ# 2095333)\n\n* `The backend service is unavailable` when accessing ACM 2.5 Overview page\n(BZ# 2096389)\n\n* 64 character length causing clusters to unsubscribe (BZ# 2101453)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions on installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2087686 - Can\u0027t install submariner add-ons from UI on unsupported cloud provider\n2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub\n2090802 - RHACM 2.5.1 images\n2095333 - Broken link to Submariner manual install instructions\n2096389 - `The backend service is unavailable` when accessing ACM 2.5 Overview page\n2101453 - 64 character length causing clusters to unsubscribe\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Expat: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #791703, #830422, #831918, #833431, #870097\n ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n=========\nExpat is a set of XML parsing libraries. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/expat \u003c 2.4.9 \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update\nAdvisory ID: RHSA-2022:6290-01\nProduct: OpenShift API for Data Protection\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6290\nIssue date: 2022-09-01\nCVE Names: CVE-2021-3634 CVE-2021-40528 CVE-2022-1271\n CVE-2022-1292 CVE-2022-1586 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-24675\n CVE-2022-25313 CVE-2022-25314 CVE-2022-26691\n CVE-2022-28327 CVE-2022-29154 CVE-2022-29824\n CVE-2022-30629 CVE-2022-30631 CVE-2022-32206\n CVE-2022-32208\n====================================================================\n1. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig\nOADP-154 - Ensure support for backing up resources based on different label selectors\nOADP-194 - Remove the registry dependency from OADP\nOADP-199 - Enable support for restore of existing resources\nOADP-224 - Restore silently ignore resources if they exist - restore log not updated\nOADP-225 - Restore doesn\u0027t update velero.io/backup-name when a resource is updated\nOADP-234 - Implementation of incremental restore\nOADP-324 - Add label to Expired backups failing garbage collection\nOADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases\nOADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it\u0027s unable to find the zone\nOADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete\nOADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot\nOADP-528 - The volumesnapshotcontent is not removed for the synced backup\nOADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10\nOADP-538 - typo on noDefaultBackupLocation error on DPA CR\nOADP-552 - Validate OADP with 4.11 and Pod Security Admissions\nOADP-558 - Empty Failed Backup CRs can\u0027t be removed\nOADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version\nOADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly\nOADP-592 - OADP must-gather add support for insecure tls\nOADP-597 - BSL validation logs\nOADP-598 - Data mover performance on backup blocks backup process\nOADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl\nOADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled\nOADP-602 - Support GCP for openshift-velero-plugin registry\nOADP-605 - [OCP 4.11] CSI restore fails with admission webhook \\\"volumesnapshotclasses.snapshot.storage.k8s.io\\\" denied\nOADP-607 - DataMover: VSB is stuck on SnapshotBackupDone\nOADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace\nOADP-613 - DataMover: upstream documentation refers wrong CRs\nOADP-637 - Restic backup fails with CA certificate\nOADP-643 - [Data Mover] VSB and VSR names are not unique\nOADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable\nOADP-648 - Remove default limits for velero and restic pods\nOADP-652 - Data mover VolSync pod errors with Noobaa\nOADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace\nOADP-660 - Data mover restic secret does not support Azure\nOADP-698 - DataMover: volume-snapshot-mover pod points to upstream image\nOADP-715 - Restic restore fails: restic-wait container continuously fails with \"Not found: /restores/\u003cpod-volume\u003e/.velero/\u003crestore-UID\u003e\"\nOADP-716 - Incremental restore: second restore of a namespace partially fails\nOADP-736 - Data mover VSB always fails with volsync 0.5\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-26691\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-30629\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxA0ftzjgjWX9erEAQgcZBAAhpl5yhUlRDVqai0DF0VUbpNENP0oqAEU\nnSI4eOGm66Y8d2Qtymae3HwiP8Fa+FIg+QLlQqJaLSPRpttv1kxmB7vL2fzcDyQ2\n6VKUFLV9Lo9oSUqfAlvO8rbSWMvvickV3kTYC+HDgz5/Y3C2JKA1wlhn/5548Iq0\nsyHaj/sLw3lYK9AsQDrgN+FWFnNgUsqPmb5WmgQ3HoYP4Ksq1jpcnWAtqkNl7eT4\nIeBAl1B8+I5l4eDj20HJyaGh5h37loCLW1NhcVeoqrwqnkWKVXcbXeYanEoRGCya\nY38JtNmFlNLjQ69sWoyLonDqKdNQmnbhWRYzRjQF7nGAB+STG9uJ1e1e75T4IoD7\nm0gMS30vjC9rqV455m8sOeDwNf+1rPAXmgC5QR1mEavd1LphlHkO56a+j4aPVPGV\nV/ItM94tAuFvdkL7ZPRMxNux0CMzkBtvEeh3wbUXWF1UKw6ew8yhLHoUevCI2paT\nggXr3kbBV5yAKgT/+c6TRGYiI66pV1RjCOpE/tJYYpiNhq2dhxjpm0e9RRxLtoTK\nEazQq5tWEYDqNcY2LmXIAwgnIhygqy6HXVBI04rqdI4WKgHPtnp8vfSNaArfSCUP\nkC85ROZc6ZTBOPVWEBT34Y64lPO37jzXhuvvytOmOtUJbuWn4XFl9rRswRnv/yKU\nRl4NtEV1XHs=zaXV\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u2. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N\nZ0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E\nD3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK\nF50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9\n/+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8\npBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX\nOlq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv\nTCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff\nJvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV\ntL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau\nmxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E=\n=MVQQ\n-----END PGP SIGNATURE-----\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25313"
},
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "167984"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25313",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/19/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167853",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167985",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168228",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168578",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168265",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167671",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168054",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166254",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167778",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168351",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022031502",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060617",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031406",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070538",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022411",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071342",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3982",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3554",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4744",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3224",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3644",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3873",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0785.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2607",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167984",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167648",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167838",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-18354",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415280",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-25313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169228",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"id": "VAR-202202-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
}
],
"trust": 0.7003805
},
"last_update_date": "2024-09-19T20:09:24.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Expat Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184618"
},
{
"title": "Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5320-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-25313"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2280",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2280"
},
{
"title": "Debian Security Advisories: DSA-5085-1 expat -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b32ad21c953fb4340d1a4cbd3394eb98"
},
{
"title": "Red Hat: Important: mingw-expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
},
{
"title": "Red Hat: Moderate: ACS 3.71 enhancement and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225704 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225908 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225556 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225909 - Security Advisory"
},
{
"title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226024 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226290 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225673 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225531 - Security Advisory"
},
{
"title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226346 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226430 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226271 - Security Advisory"
},
{
"title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226696 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of OpenShift Serverless 1.24.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226040 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226156 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225840 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225070 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS-2022-232",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226526 - Security Advisory"
},
{
"title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226429 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
},
{
"title": "Linux_OS20.04_X64_By_Griggorii_ubuntu_focal_fossa-linux-image-kernel-5.6.0-oem #not bubblewrap\nISO DOWNLOAD size 2Gb ubuntu-20.04.2-desktop-amd64.iso: https://drive.google.com/file/d/1-2AWbtRp0aXwGdmgcrJLbMERtcOT_oUs/view?usp=sharing",
"trust": 0.1,
"url": "https://github.com/Griggorii/Ubuntu-20.04.2-desktop-amd64_By_Griggorii_linux-image-kernel-5.6.0-oem "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5085"
},
{
"trust": 1.8,
"url": "https://github.com/libexpat/libexpat/pull/558"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072631"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071342"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022411"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-25313/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3982"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3224"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032005"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3644"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070641"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072127"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022109"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167671/red-hat-security-advisory-2022-5244-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060122"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168351/red-hat-security-advisory-2022-6430-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031502"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070538"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0785.2"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168054/red-hat-security-advisory-2022-6040-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3873"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168265/red-hat-security-advisory-2022-6346-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166254/ubuntu-security-notice-usn-5320-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4744"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"trust": 0.1,
"url": "https://github.com/griggorii/ubuntu-20.04.2-desktop-amd64_by_griggorii_linux-image-kernel-5.6.0-oem"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5320-1"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3697"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3697"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/expat"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5908"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "167853"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "169228"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-415280"
},
{
"date": "2022-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"date": "2022-08-05T14:52:04",
"db": "PACKETSTORM",
"id": "167985"
},
{
"date": "2022-07-27T17:32:40",
"db": "PACKETSTORM",
"id": "167853"
},
{
"date": "2022-09-30T14:56:43",
"db": "PACKETSTORM",
"id": "168578"
},
{
"date": "2022-09-01T16:34:06",
"db": "PACKETSTORM",
"id": "168228"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169228"
},
{
"date": "2022-08-05T14:51:51",
"db": "PACKETSTORM",
"id": "167984"
},
{
"date": "2022-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"date": "2022-02-18T05:15:08.130000",
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-415280"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1613"
},
{
"date": "2023-11-07T03:44:45.670000",
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Expat Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1613"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.