var-202204-0593
Vulnerability from variot
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty
- Summary:
New Cryostat 2.1.0 on RHEL 8 container images are now available
- Users of these images are also encouraged to rebuild all container images that depend on these images.
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):
2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
-
9) - aarch64, noarch, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: java-1.8.0-ibm security update Advisory ID: RHSA-2023:3136-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2023:3136 Issue date: 2023-05-16 CVE Names: CVE-2022-21426 CVE-2023-21830 CVE-2023-21843 ==================================================================== 1. Summary:
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64
- Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Security Fix(es):
-
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
-
OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021) (CVE-2023-21830)
-
OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742) 2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)
- Package List:
Red Hat Enterprise Linux Client Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 7):
ppc64: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.ppc64.rpm
ppc64le: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm
s390x: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.s390x.rpm
x86_64: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2023-21830 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGQXddzjgjWX9erEAQjtrg//WDCW8/RkoEyTvEChqF7uHnK4V3rBSk9+ ubpNx/M2kajuILXohNxBY4tcm3jyvoL6gwwCQ3iMlWA369AHI7DturxjJQr3GziD pbyWqMR4sIyAKJpf32a4MlUBAg01jby2PCxeiD4Llw1Gf2U/BRsDalXoVz/s7dhB jCO3qNpIbZNmg8gG7jbWbgtCMreM17sONQdWCg5sgfRAKakgcH8xMCWpb02tmLCR gS7f4m24sLDhSvWQGxkhkXwhpiG5wGIYnFaS7cQzdHpHS37qOVGshTpgJEsI9c0S zTfYYkpCJivl/aENlnYKpVgHmSPP9Qxo0TO18A8y53bJXJBLNBjw6fjDkJLcfOuI jwHGNnbR1vAhQieD5ACT7rTADBx8fsv2EAqgvGgopuuOPHSKQYxQgCBQu/ZqBf02 1n3cw0OieNoqW7HqW4qrTkYxma9L5WxfAPTgZhN0OUiWMgLfNtQjuRoSHKGNtwAk //tqVreuJPxNGBajdvXEhDLxuBeLiUnxvkgLgaZ+J39MeI3pV5XPbR1qswy7Nsor 4L+ulZussEs8yZfPzhBMfyARuOGBFX07Cfy1cT381KsisjoUK6OsKnByO/tsOa7d nrm/7B+ANBS59mTjRDKtE4/cdVIwvn9qt9/zg8kSUS1x7CjaQ2qyLbTczKyFRiSK QcLjOlHi3+I=ckJc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector.
For the stable distribution (bullseye), these problems have been fixed in version 17.0.3+7-1~deb11u1.
We recommend that you upgrade your openjdk-17 packages.
For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJxl3wACgkQEMKTtsN8 Tja/zg/7BeUmTL3RGbn6PBexYoRYRGd5TIgkjajpMhKJfgMJezJ95sDP1jKZmZ7W 5W7R3iqBYUIjJl+wcoDpSN2HyApXNUkLTMeTbNgJCwipJwk4LG79zcXLxAtBqmJl hKt8ij5V4wQiou1NDhTYpGdLLQUQ8wQEX05veO5U80KYuMc2TzvRwsjzzAF1K3WM zEKV8HJ3SLJcnb24s2PLpoPZLaWerJurcUwQG01OJVlp4smvuBzw1imExMOG5P9D iX9CogACSoupamHCkpInajxtvzLx/Kb39obHOVIJmYlVJif9Vt4XMd+IRFv1ZiWK bvmsexifgn96D2Qc9uoHMKanMsqb5bjN+jtyRSq/BRpADManyU9O0NPFAxuqkBk2 Zj1YiljDHTHdMmp/lnpMZA8Zxnm7JVQlNxxvrBsLttiEhytCkhAxBOzprXg00yoH HQaRiOsPCDUTlvS73V3e5QfqTjWihUHiIwprxzL0nVIq7gZfwDs7/80QPZjm/yPK OwOLGSobA2J/iyEG5VlLEaxyOBeyAfw5uMR5iHe0TKofyxBXFdSo69/oYDB8CVYp ncJxX9e32EIrB/4aqCM9r/nVhos4QdwDfJIWncQVooQQisPd8zXLccSi9PkFxFQS k4BnXv70QlIq9PnWi209kPyaU3TcQwEYRjZJBZqYRESaHLLnPGw= =O0QV -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "8.60"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "18.28"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "e-series santricity storage manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3.1"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "7.52"
},
{
"model": "cloud insights acquisition unit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "17.32"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "15.38"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "11.54"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "13.46"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.5"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.0.0.2"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "6.45"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "166954"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "167378"
},
{
"db": "PACKETSTORM",
"id": "172404"
},
{
"db": "PACKETSTORM",
"id": "167142"
}
],
"trust": 0.8
},
"cve": "CVE-2022-21426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-21426",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-407039",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-21426",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21426",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2022-21426",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-407039",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size\n2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty\n\n5. Summary:\n\nNew Cryostat 2.1.0 on RHEL 8 container images are now available\n\n2. Users of these\nimages are also encouraged to rebuild all container images that depend on\nthese images. \n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. \n\nFor more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-41771\nhttps://access.redhat.com/security/cve/CVE-2021-41772\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21449\nhttps://access.redhat.com/security/cve/CVE-2022-21476\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nFor\ndetails\nabout\nthe\nsecurity\nissues\nsee\nthese\nCVE\npages:\n*\nhttps://access.redhat.com/security/updates/classification/#low\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index\n\n6. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: java-1.8.0-ibm security update\nAdvisory ID: RHSA-2023:3136-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:3136\nIssue date: 2023-05-16\nCVE Names: CVE-2022-21426 CVE-2023-21830 CVE-2023-21843\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n7 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nSecurity Fix(es):\n\n* OpenJDK: Unbounded memory allocation when compiling crafted XPath\nexpressions (JAXP, 8270504) (CVE-2022-21426)\n\n* OpenJDK: improper restrictions in CORBA deserialization (Serialization,\n8285021) (CVE-2023-21830)\n\n* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)\n2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)\n2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 7):\n\nppc64:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.ppc64.rpm\n\nppc64le:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.ppc64le.rpm\n\ns390x:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.8.0-1jpp.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2023-21830\nhttps://access.redhat.com/security/cve/CVE-2023-21843\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGQXddzjgjWX9erEAQjtrg//WDCW8/RkoEyTvEChqF7uHnK4V3rBSk9+\nubpNx/M2kajuILXohNxBY4tcm3jyvoL6gwwCQ3iMlWA369AHI7DturxjJQr3GziD\npbyWqMR4sIyAKJpf32a4MlUBAg01jby2PCxeiD4Llw1Gf2U/BRsDalXoVz/s7dhB\njCO3qNpIbZNmg8gG7jbWbgtCMreM17sONQdWCg5sgfRAKakgcH8xMCWpb02tmLCR\ngS7f4m24sLDhSvWQGxkhkXwhpiG5wGIYnFaS7cQzdHpHS37qOVGshTpgJEsI9c0S\nzTfYYkpCJivl/aENlnYKpVgHmSPP9Qxo0TO18A8y53bJXJBLNBjw6fjDkJLcfOuI\njwHGNnbR1vAhQieD5ACT7rTADBx8fsv2EAqgvGgopuuOPHSKQYxQgCBQu/ZqBf02\n1n3cw0OieNoqW7HqW4qrTkYxma9L5WxfAPTgZhN0OUiWMgLfNtQjuRoSHKGNtwAk\n//tqVreuJPxNGBajdvXEhDLxuBeLiUnxvkgLgaZ+J39MeI3pV5XPbR1qswy7Nsor\n4L+ulZussEs8yZfPzhBMfyARuOGBFX07Cfy1cT381KsisjoUK6OsKnByO/tsOa7d\nnrm/7B+ANBS59mTjRDKtE4/cdVIwvn9qt9/zg8kSUS1x7CjaQ2qyLbTczKyFRiSK\nQcLjOlHi3+I=ckJc\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2437 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4]\nLOG-2442 - Log file metric exporter not working with /var/log/pods\nLOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 17.0.3+7-1~deb11u1. \n\nWe recommend that you upgrade your openjdk-17 packages. \n\nFor the detailed security status of openjdk-17 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openjdk-17\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJxl3wACgkQEMKTtsN8\nTja/zg/7BeUmTL3RGbn6PBexYoRYRGd5TIgkjajpMhKJfgMJezJ95sDP1jKZmZ7W\n5W7R3iqBYUIjJl+wcoDpSN2HyApXNUkLTMeTbNgJCwipJwk4LG79zcXLxAtBqmJl\nhKt8ij5V4wQiou1NDhTYpGdLLQUQ8wQEX05veO5U80KYuMc2TzvRwsjzzAF1K3WM\nzEKV8HJ3SLJcnb24s2PLpoPZLaWerJurcUwQG01OJVlp4smvuBzw1imExMOG5P9D\niX9CogACSoupamHCkpInajxtvzLx/Kb39obHOVIJmYlVJif9Vt4XMd+IRFv1ZiWK\nbvmsexifgn96D2Qc9uoHMKanMsqb5bjN+jtyRSq/BRpADManyU9O0NPFAxuqkBk2\nZj1YiljDHTHdMmp/lnpMZA8Zxnm7JVQlNxxvrBsLttiEhytCkhAxBOzprXg00yoH\nHQaRiOsPCDUTlvS73V3e5QfqTjWihUHiIwprxzL0nVIq7gZfwDs7/80QPZjm/yPK\nOwOLGSobA2J/iyEG5VlLEaxyOBeyAfw5uMR5iHe0TKofyxBXFdSo69/oYDB8CVYp\nncJxX9e32EIrB/4aqCM9r/nVhos4QdwDfJIWncQVooQQisPd8zXLccSi9PkFxFQS\nk4BnXv70QlIq9PnWi209kPyaU3TcQwEYRjZJBZqYRESaHLLnPGw=\n=O0QV\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
},
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "166954"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "167378"
},
{
"db": "PACKETSTORM",
"id": "172404"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169256"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21426",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "167378",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167088",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167327",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166967",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167979",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172404",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169256",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "166954"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "167378"
},
{
"db": "PACKETSTORM",
"id": "172404"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"id": "VAR-202204-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T21:16:55.732000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1441"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25176"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25175"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8647"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25181"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25183"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/containers"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21830"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21830"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openjdk-17"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "166954"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "167378"
},
{
"db": "PACKETSTORM",
"id": "172404"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-407039"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "166954"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "167378"
},
{
"db": "PACKETSTORM",
"id": "172404"
},
{
"db": "PACKETSTORM",
"id": "167142"
},
{
"db": "PACKETSTORM",
"id": "169256"
},
{
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-407039"
},
{
"date": "2022-04-21T15:09:12",
"db": "PACKETSTORM",
"id": "166799"
},
{
"date": "2022-04-21T15:08:01",
"db": "PACKETSTORM",
"id": "166792"
},
{
"date": "2022-05-04T21:42:33",
"db": "PACKETSTORM",
"id": "166954"
},
{
"date": "2022-05-11T16:48:11",
"db": "PACKETSTORM",
"id": "167088"
},
{
"date": "2022-05-10T14:49:09",
"db": "PACKETSTORM",
"id": "167008"
},
{
"date": "2022-06-03T15:37:50",
"db": "PACKETSTORM",
"id": "167378"
},
{
"date": "2023-05-17T14:05:00",
"db": "PACKETSTORM",
"id": "172404"
},
{
"date": "2022-05-12T15:55:09",
"db": "PACKETSTORM",
"id": "167142"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169256"
},
{
"date": "2022-04-19T21:15:15.157000",
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-407039"
},
{
"date": "2023-04-27T17:53:04.237000",
"db": "NVD",
"id": "CVE-2022-21426"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-1441-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "166799"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "169256"
}
],
"trust": 0.1
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.