var-202210-0997
Vulnerability from variot
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. xmlsoft.org of libxml2 Products from other vendors contain integer overflow vulnerabilities.Service operation interruption (DoS) It may be in a state. libxml2 is an open source library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-39
https://security.gentoo.org/
Severity: High Title: libxml2: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #877149 ID: 202210-39
Synopsis
Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.
Background
libxml2 is the XML C parser and toolkit developed for the GNOME project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.10.3 >= 2.10.3
Description
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.3"
References
[ 1 ] CVE-2022-40303 https://nvd.nist.gov/vuln/detail/CVE-2022-40303 [ 2 ] CVE-2022-40304 https://nvd.nist.gov/vuln/detail/CVE-2022-40304
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-39
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
This release includes security and bug fixes, and enhancements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update Advisory ID: RHSA-2023:1047-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1047 Issue date: 2023-03-01 CVE Names: CVE-2018-14040 CVE-2018-14042 CVE-2019-11358 CVE-2020-11022 CVE-2021-35065 CVE-2021-44906 CVE-2022-1274 CVE-2022-1438 CVE-2022-1471 CVE-2022-2764 CVE-2022-3782 CVE-2022-3916 CVE-2022-4039 CVE-2022-24785 CVE-2022-25857 CVE-2022-31129 CVE-2022-37603 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-40149 CVE-2022-40150 CVE-2022-40303 CVE-2022-40304 CVE-2022-42003 CVE-2022-42004 CVE-2022-45047 CVE-2022-45693 CVE-2022-46175 CVE-2022-46363 CVE-2022-46364 CVE-2022-47629 CVE-2023-0091 CVE-2023-0264 CVE-2023-21835 CVE-2023-21843 ==================================================================== 1. Summary:
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
- snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
- keycloak: path traversal via double URL encoding (CVE-2022-3782)
- RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)
- snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
- moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
- sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
- CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
- keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
- keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
- keycloak: minimist: prototype pollution (CVE-2021-44906)
- keycloak: missing email notification template allowlist (CVE-2022-1274)
- keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)
- keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
- Moment.js: Path traversal in moment.locale (CVE-2022-24785)
- loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
- snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
- jettison: parser crash by stackoverflow (CVE-2022-40149)
- jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
- jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
- json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
- jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
- jackson-databind: use of deeply nested arrays (CVE-2022-42004)
- CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
- undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
- keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use within the Red Hat OpenShift Container Platform (from the release of 3.11 up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances 2066009 - CVE-2021-44906 minimist: prototype pollution 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations 2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections 2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode 2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject 2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 2143416 - CVE-2022-4039 rhsso-operator: unsecured management interface exposed to adjecent network 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution 2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation 2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code
- References:
https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2021-35065 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-1274 https://access.redhat.com/security/cve/CVE-2022-1438 https://access.redhat.com/security/cve/CVE-2022-1471 https://access.redhat.com/security/cve/CVE-2022-2764 https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/cve/CVE-2022-4039 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-25857 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-37603 https://access.redhat.com/security/cve/CVE-2022-38749 https://access.redhat.com/security/cve/CVE-2022-38750 https://access.redhat.com/security/cve/CVE-2022-38751 https://access.redhat.com/security/cve/CVE-2022-40149 https://access.redhat.com/security/cve/CVE-2022-40150 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-42003 https://access.redhat.com/security/cve/CVE-2022-42004 https://access.redhat.com/security/cve/CVE-2022-45047 https://access.redhat.com/security/cve/CVE-2022-45693 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2022-46363 https://access.redhat.com/security/cve/CVE-2022-46364 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0091 https://access.redhat.com/security/cve/CVE-2023-0264 https://access.redhat.com/security/cve/CVE-2023-21835 https://access.redhat.com/security/cve/CVE-2023-21843 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY//t1dzjgjWX9erEAQia2w/+OL2GUzx63gPKwDpJXSFQEA2gn7Bu3FcP Vs6FCL7PpZ0u4i0/5n7bzpGf4qGlHbbuVUw7Y4sHdHhKSI+boX54pjrJX1ccfznn Lg/ENsMmzXen9MvjH5b1D3W7Mho7skUuCVCBu5y7cCOdOxUohyRzLkny/NjQ1nD6 eRDbj/qSRJNEvV7JqUvRhwaSiJK7qQtXsPV7FEDdUq0YwTnGJsKJXc67lAuJphZT bYVNCHfZrfakuAnj4eR8rX+iacPlZY6a0sYbyyT/uHw27oiNpXwPtoNCSkDwmjZ3 IxKNjpap3zOJUou+XDj/4uBSALftooJnxTi++8lqK0BLpXeQLd83SeP9IiYmnCD+ CtHnfbeFYKVFPyGWIUUddVCJOv4qznlIqxvWcgy0b1xi32ZFaqGTFZNmt/6Is06y AO+yv7UE0cxthEqQASwlRWpct797Tdd4culodXiF/OBKAmznzmMt/MLWgZ7WiszD q5ECUJNlcLsSB2E+RCXswVzZU8DwlH0DV/rqJ7+c5y0HH+veMXKY/GqIcUJwRx/b 8Q6kskM6p9UB9j5r1GpRlnWMuQicw5RuC5sY/tPbMhUnMxPzKHeI0GatQRZrAE+0 iwPVbzdWk25PdKb/2LXdKruqcLv9INvvN0jwEUG6vKXJU4HwANLCc3MItJpsnZX4 ZpcQ6Sd41lc=+e7l -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Description:
Service Binding manages the data plane for applications and backing services.
Security Fix(es):
- golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
- JIRA issues fixed (https://issues.jboss.org/):
APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
macOS Big Sur 11.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213534.
BOM Available for: macOS Big Sur Impact: An app may bypass Gatekeeper checks Description: A logic issue was addressed with improved checks. CVE-2022-42821: Jonathan Bar Or of Microsoft
DriverKit Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)
IOHIDFamily Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero
Kernel Available for: macOS Big Sur Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM
Kernel Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
libxml2 Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero
libxml2 Available for: macOS Big Sur Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero
ppp Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42840: an anonymous researcher
xar Available for: macOS Big Sur Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A type confusion issue was addressed with improved checks. CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7
macOS Big Sur 11.7.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. Bugs fixed (https://bugzilla.redhat.com/):
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents 2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0997",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.2"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7.2"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "libxml2",
"scope": "lt",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "2.10.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7.2"
},
{
"model": "manageability sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "active iq unified manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snapmanager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "h410c",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "9.2"
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "manageability sdk",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap antivirus connector",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "libxml2",
"scope": null,
"trust": 0.8,
"vendor": "xmlsoft",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171318"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "171043"
},
{
"db": "PACKETSTORM",
"id": "171042"
}
],
"trust": 0.5
},
"cve": "CVE-2022-40303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-40303",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-40303",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-40303",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-40303",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. xmlsoft.org of libxml2 Products from other vendors contain integer overflow vulnerabilities.Service operation interruption (DoS) It may be in a state. libxml2 is an open source library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: libxml2: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #877149\n ID: 202210-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n==========\n\nlibxml2 is the XML C parser and toolkit developed for the GNOME project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 \u003c 2.10.3 \u003e= 2.10.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.10.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-40303\n https://nvd.nist.gov/vuln/detail/CVE-2022-40303\n[ 2 ] CVE-2022-40304\n https://nvd.nist.gov/vuln/detail/CVE-2022-40304\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-39\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nThis release includes security and bug fixes, and enhancements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update\nAdvisory ID: RHSA-2023:1047-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:1047\nIssue date: 2023-03-01\nCVE Names: CVE-2018-14040 CVE-2018-14042 CVE-2019-11358\n CVE-2020-11022 CVE-2021-35065 CVE-2021-44906\n CVE-2022-1274 CVE-2022-1438 CVE-2022-1471\n CVE-2022-2764 CVE-2022-3782 CVE-2022-3916\n CVE-2022-4039 CVE-2022-24785 CVE-2022-25857\n CVE-2022-31129 CVE-2022-37603 CVE-2022-38749\n CVE-2022-38750 CVE-2022-38751 CVE-2022-40149\n CVE-2022-40150 CVE-2022-40303 CVE-2022-40304\n CVE-2022-42003 CVE-2022-42004 CVE-2022-45047\n CVE-2022-45693 CVE-2022-46175 CVE-2022-46363\n CVE-2022-46364 CVE-2022-47629 CVE-2023-0091\n CVE-2023-0264 CVE-2023-21835 CVE-2023-21843\n====================================================================\n1. Summary:\n\nA new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. \n\n* snakeyaml: Constructor Deserialization Remote Code Execution\n(CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to\nadjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for\ncollections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code\n(CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the\ndata-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service\n(CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances\n(CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens\n(CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service\n(CVE-2022-37603)\n* snakeyaml: Uncaught exception in\norg.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in\norg.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n(CVE-2022-38750)\n* snakeyaml: Uncaught exception in\njava.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n* jettison: If the value in map is the map\u0027s self, the new new\nJSONObject(map) cause StackOverflowError which may lead to dos\n(CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK\nforever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation\n(CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations\n2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections\n2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode\n2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject\n2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data\n2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow\n2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens\n2143416 - CVE-2022-4039 rhsso-operator: unsecured management interface exposed to adjecent network\n2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability\n2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution\n2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration\n2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability\n2155970 - CVE-2022-45693 jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos\n2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method\n2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service\n2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation\n2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2021-35065\nhttps://access.redhat.com/security/cve/CVE-2021-44906\nhttps://access.redhat.com/security/cve/CVE-2022-1274\nhttps://access.redhat.com/security/cve/CVE-2022-1438\nhttps://access.redhat.com/security/cve/CVE-2022-1471\nhttps://access.redhat.com/security/cve/CVE-2022-2764\nhttps://access.redhat.com/security/cve/CVE-2022-3782\nhttps://access.redhat.com/security/cve/CVE-2022-3916\nhttps://access.redhat.com/security/cve/CVE-2022-4039\nhttps://access.redhat.com/security/cve/CVE-2022-24785\nhttps://access.redhat.com/security/cve/CVE-2022-25857\nhttps://access.redhat.com/security/cve/CVE-2022-31129\nhttps://access.redhat.com/security/cve/CVE-2022-37603\nhttps://access.redhat.com/security/cve/CVE-2022-38749\nhttps://access.redhat.com/security/cve/CVE-2022-38750\nhttps://access.redhat.com/security/cve/CVE-2022-38751\nhttps://access.redhat.com/security/cve/CVE-2022-40149\nhttps://access.redhat.com/security/cve/CVE-2022-40150\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/cve/CVE-2022-42003\nhttps://access.redhat.com/security/cve/CVE-2022-42004\nhttps://access.redhat.com/security/cve/CVE-2022-45047\nhttps://access.redhat.com/security/cve/CVE-2022-45693\nhttps://access.redhat.com/security/cve/CVE-2022-46175\nhttps://access.redhat.com/security/cve/CVE-2022-46363\nhttps://access.redhat.com/security/cve/CVE-2022-46364\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2023-0091\nhttps://access.redhat.com/security/cve/CVE-2023-0264\nhttps://access.redhat.com/security/cve/CVE-2023-21835\nhttps://access.redhat.com/security/cve/CVE-2023-21843\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY//t1dzjgjWX9erEAQia2w/+OL2GUzx63gPKwDpJXSFQEA2gn7Bu3FcP\nVs6FCL7PpZ0u4i0/5n7bzpGf4qGlHbbuVUw7Y4sHdHhKSI+boX54pjrJX1ccfznn\nLg/ENsMmzXen9MvjH5b1D3W7Mho7skUuCVCBu5y7cCOdOxUohyRzLkny/NjQ1nD6\neRDbj/qSRJNEvV7JqUvRhwaSiJK7qQtXsPV7FEDdUq0YwTnGJsKJXc67lAuJphZT\nbYVNCHfZrfakuAnj4eR8rX+iacPlZY6a0sYbyyT/uHw27oiNpXwPtoNCSkDwmjZ3\nIxKNjpap3zOJUou+XDj/4uBSALftooJnxTi++8lqK0BLpXeQLd83SeP9IiYmnCD+\nCtHnfbeFYKVFPyGWIUUddVCJOv4qznlIqxvWcgy0b1xi32ZFaqGTFZNmt/6Is06y\nAO+yv7UE0cxthEqQASwlRWpct797Tdd4culodXiF/OBKAmznzmMt/MLWgZ7WiszD\nq5ECUJNlcLsSB2E+RCXswVzZU8DwlH0DV/rqJ7+c5y0HH+veMXKY/GqIcUJwRx/b\n8Q6kskM6p9UB9j5r1GpRlnWMuQicw5RuC5sY/tPbMhUnMxPzKHeI0GatQRZrAE+0\niwPVbzdWk25PdKb/2LXdKruqcLv9INvvN0jwEUG6vKXJU4HwANLCc3MItJpsnZX4\nZpcQ6Sd41lc=+e7l\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nAn update for service-binding-operator-bundle-container and\nservice-binding-operator-container is now available for OpenShift Developer\nTools and Services for OCP 4.9. Description:\n\nService Binding manages the data plane for applications and backing\nservices. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go\nserver accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nAPPSVC-1204 - Provisioned Service discovery\nAPPSVC-1256 - CVE-2022-41717\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2\n\nmacOS Big Sur 11.7.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213534. \n\nBOM\nAvailable for: macOS Big Sur\nImpact: An app may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42821: Jonathan Bar Or of Microsoft\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)\n\nIOHIDFamily\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2022-40303: Maddie Stone of Google Project Zero\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project\nZero\n\nppp\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42840: an anonymous researcher\n\nxar\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7\n\nmacOS Big Sur 11.7.2 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. Bugs fixed (https://bugzilla.redhat.com/):\n\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents\n2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40303"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "VULHUB",
"id": "VHN-429429"
},
{
"db": "VULMON",
"id": "CVE-2022-40303"
},
{
"db": "PACKETSTORM",
"id": "169620"
},
{
"db": "PACKETSTORM",
"id": "171318"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "169858"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "170316"
},
{
"db": "PACKETSTORM",
"id": "171043"
},
{
"db": "PACKETSTORM",
"id": "171042"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-429429",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429429"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40303",
"trust": 3.6
},
{
"db": "JVN",
"id": "JVNVU93250330",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99836374",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-102-08",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-04",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-10",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170316",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171043",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169620",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169858",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171042",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170753",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169857",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169825",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170555",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170752",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170899",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170312",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170955",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169732",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171260",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1031",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-429429",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-40303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171215",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171127",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429429"
},
{
"db": "VULMON",
"id": "CVE-2022-40303"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "PACKETSTORM",
"id": "169620"
},
{
"db": "PACKETSTORM",
"id": "171318"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "169858"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "170316"
},
{
"db": "PACKETSTORM",
"id": "171043"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"id": "VAR-202210-0997",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-429429"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T19:25:19.062000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213535",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"title": "Debian CVElist Bug Report Logs: libxml2: CVE-2022-40303: Integer overflows with XML_PARSE_HUGE",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5e77d7ff7e5e68d6c261fad482d55aba"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-40303"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-40303"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429429"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2022/dec/21"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2022/dec/24"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2022/dec/25"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2022/dec/26"
},
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2022/dec/27"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213531"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213533"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213534"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213535"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213536"
},
{
"trust": 1.1,
"url": "https://gitlab.gnome.org/gnome/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"
},
{
"trust": 1.1,
"url": "https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99836374/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93250330/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47629"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-35737"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-23947"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-41903"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202210-39"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-48303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1181"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-48303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1047"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213504."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32942"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213534."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0804"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-429429"
},
{
"db": "VULMON",
"id": "CVE-2022-40303"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "PACKETSTORM",
"id": "169620"
},
{
"db": "PACKETSTORM",
"id": "171318"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "169858"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "170316"
},
{
"db": "PACKETSTORM",
"id": "171043"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-429429"
},
{
"db": "VULMON",
"id": "CVE-2022-40303"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"db": "PACKETSTORM",
"id": "169620"
},
{
"db": "PACKETSTORM",
"id": "171318"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "169858"
},
{
"db": "PACKETSTORM",
"id": "171127"
},
{
"db": "PACKETSTORM",
"id": "170316"
},
{
"db": "PACKETSTORM",
"id": "171043"
},
{
"db": "PACKETSTORM",
"id": "171042"
},
{
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-429429"
},
{
"date": "2023-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"date": "2022-11-01T13:29:06",
"db": "PACKETSTORM",
"id": "169620"
},
{
"date": "2023-03-10T14:24:58",
"db": "PACKETSTORM",
"id": "171318"
},
{
"date": "2023-03-02T15:19:44",
"db": "PACKETSTORM",
"id": "171215"
},
{
"date": "2022-11-15T16:42:35",
"db": "PACKETSTORM",
"id": "169858"
},
{
"date": "2023-02-27T14:51:11",
"db": "PACKETSTORM",
"id": "171127"
},
{
"date": "2022-12-22T02:12:32",
"db": "PACKETSTORM",
"id": "170316"
},
{
"date": "2023-02-17T16:07:29",
"db": "PACKETSTORM",
"id": "171043"
},
{
"date": "2023-02-17T16:04:17",
"db": "PACKETSTORM",
"id": "171042"
},
{
"date": "2022-11-23T00:15:11.007000",
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-429429"
},
{
"date": "2024-06-17T07:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-023015"
},
{
"date": "2023-11-07T03:52:15.280000",
"db": "NVD",
"id": "CVE-2022-40303"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xmlsoft.org\u00a0 of \u00a0libxml2\u00a0 Integer overflow vulnerability in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "169858"
},
{
"db": "PACKETSTORM",
"id": "170316"
}
],
"trust": 0.2
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.