ID

VAR-202201-0355


CVE

CVE-2022-0359


TITLE

vim Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202201-2455

DESCRIPTION

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Summary: The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:0894-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0894 Issue date: 2022-03-15 CVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 ==================================================================== 1. Summary: An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261) * vim: Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318) * vim: Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359) * vim: Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361) * vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392) * vim: Use after free in src/ex_cmds.c (CVE-2022-0413) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: vim-X11-8.0.1763-16.el8_5.12.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm noarch: vim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm ppc64le: vim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm s390x: vim-X11-8.0.1763-16.el8_5.12.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm x86_64: vim-X11-8.0.1763-16.el8_5.12.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: vim-8.0.1763-16.el8_5.12.src.rpm aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t) Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t) Calendar Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022 GarageBand Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022 Image Processing Available for: macOS Monterey Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022 iMovie Available for: macOS Monterey Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi) Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher Maps Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022 MediaLibrary Available for: macOS Monterey Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher ncurses Available for: macOS Monterey Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022 PackageKit Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022 Security Available for: macOS Monterey Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022 Sidecar Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022 SMB Available for: macOS Monterey Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022 Vim Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 Entry added October 27, 2022 Vim Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022 Weather Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022 WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022 Additional recognition Identity Services We would like to acknowledge Joshua Jones for their assistance. macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpcACgkQ4RjMIDke Nxkwlg//SSBu/uDg4G5fbGIYbNhe6z0pbPi6KhKQJI/fwDQw0rD1rRCYMYY3FqSv QwV8MyduewVyNTYL/OiNUDEBJolv3HmAGSLOKML4fJzExGN8j0hzxB+VDreh0PP7 /dIFsarwPIdQTaqD+oolT6XPJ1oG+GClaFn2JRJd1eCMstpQ9n04TZlTa6g5kSzT ZU6GnRyVBTSi9o2FGKJ0uZxTVZ06G2M1Y6j5qEugEiO+8mSP6DbE8GuMNhxQHgdQ IThRbMhaggheulPHgoF5023MB2eHOxzd92qGQBfilGXiDEXYQW8dCD21yhEDQt9J 5TKrgDRnGweDZIrTm3/dUiEfcAIrpNCGvieXCTmuBLnG9DqJyfYq8KPAh7E5Mwry TQvtTSVvf5Gp/vfrDZSbkS5dzWoIlJJByvc9Zt9MtC+eP2vYXjYAwDRd9duM/N+J 1wzXK8axVwImx58j5Ae1VsfELkbiGicovRn306MKUWgl3iz6D2JNTJPIyI96K3D7 ZDg4FhFJOTfXdmSdH9bbGKMt2LTPbYem3gk7zm4a5eKp3RQGd8HnhTRbMbr5e7Vh /C6AwsIbWhvE2SY3Pig7+BkzjfX4wNlnxKpa+wzZfamaXHxYYu6jwHdi74gqv5JA GDdcqUsSlUaFU+VsZlWnogpZGJjq5dxowq+2jmD2AOjevacHe3c= =uGN6 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5458-1 June 02, 2022 vim vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in Vim. An attacker could possibly use this issue to expose sensitive information. (CVE-2021-4193) It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213) It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319) It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0361, CVE-2022-0368) It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408) It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm5 In general, a standard system update will make all the necessary changes

Trust: 1.62

sources: NVD: CVE-2022-0359 // VULHUB: VHN-413342 // PACKETSTORM: 166789 // PACKETSTORM: 166323 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 166516 // PACKETSTORM: 169576 // PACKETSTORM: 167368

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6

Trust: 1.0

vendor:vimmodel:vimscope:ltversion:8.2.4214

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2022-0359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-0359
value: HIGH

Trust: 1.0

security@huntr.dev: CVE-2022-0359
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202201-2455
value: HIGH

Trust: 0.6

VULHUB: VHN-413342
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-0359
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-413342
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-0359
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2022-0359
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-413342 // CNNVD: CNNVD-202201-2455 // NVD: CVE-2022-0359 // NVD: CVE-2022-0359

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.1

problemtype:CWE-787

Trust: 1.0

sources: VULHUB: VHN-413342 // NVD: CVE-2022-0359

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2455

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-2455

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-413342

PATCH

title:vim Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=183808

Trust: 0.6

sources: CNNVD: CNNVD-202201-2455

EXTERNAL IDS

db:NVDid:CVE-2022-0359

Trust: 2.4

db:PACKETSTORMid:166433

Trust: 0.8

db:PACKETSTORMid:169576

Trust: 0.8

db:PACKETSTORMid:167368

Trust: 0.8

db:PACKETSTORMid:166323

Trust: 0.8

db:PACKETSTORMid:166516

Trust: 0.8

db:PACKETSTORMid:166976

Trust: 0.7

db:PACKETSTORMid:166812

Trust: 0.7

db:AUSCERTid:ESB-2022.1263

Trust: 0.6

db:AUSCERTid:ESB-2022.3002

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:AUSCERTid:ESB-2023.0019

Trust: 0.6

db:AUSCERTid:ESB-2022.1677

Trust: 0.6

db:AUSCERTid:ESB-2022.1056

Trust: 0.6

db:CS-HELPid:SB2022031527

Trust: 0.6

db:CS-HELPid:SB2022060217

Trust: 0.6

db:CS-HELPid:SB2022032843

Trust: 0.6

db:CS-HELPid:SB2022072710

Trust: 0.6

db:CS-HELPid:SB2022032446

Trust: 0.6

db:CS-HELPid:SB2022062022

Trust: 0.6

db:CS-HELPid:SB2022061208

Trust: 0.6

db:CS-HELPid:SB2022022220

Trust: 0.6

db:CNNVDid:CNNVD-202201-2455

Trust: 0.6

db:PACKETSTORMid:166431

Trust: 0.1

db:PACKETSTORMid:169551

Trust: 0.1

db:PACKETSTORMid:169561

Trust: 0.1

db:VULHUBid:VHN-413342

Trust: 0.1

db:PACKETSTORMid:166789

Trust: 0.1

sources: VULHUB: VHN-413342 // PACKETSTORM: 166789 // PACKETSTORM: 166323 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 166516 // PACKETSTORM: 169576 // PACKETSTORM: 167368 // CNNVD: CNNVD-202201-2455 // NVD: CVE-2022-0359

REFERENCES

url:https://support.apple.com/kb/ht213444

Trust: 1.7

url:https://support.apple.com/kb/ht213488

Trust: 1.7

url:https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/oct/43

Trust: 1.7

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.7

url:https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 1.2

url:https://www.cybersecurity-help.cz/vdb/sb2022022220

Trust: 0.6

url:https://packetstormsecurity.com/files/167368/ubuntu-security-notice-usn-5458-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072710

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1056

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031527

Trust: 0.6

url:https://packetstormsecurity.com/files/166433/red-hat-security-advisory-2022-1041-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1263

Trust: 0.6

url:https://vigilance.fr/vulnerability/vim-buffer-overflow-via-github-repository-37405

Trust: 0.6

url:https://packetstormsecurity.com/files/169576/apple-security-advisory-2022-10-27-7.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213488

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060217

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022061208

Trust: 0.6

url:https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0019

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062022

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032843

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3002

Trust: 0.6

url:https://packetstormsecurity.com/files/166323/red-hat-security-advisory-2022-0894-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032446

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1677

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-0492

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-4154

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0847

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0516

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-41190

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0516

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0847

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4154

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0144

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0144

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0492

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0319

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0351

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22817

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44716

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1396

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3577

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3577

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21684

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44717

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0894

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41190

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27191

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1476

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1083

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2042

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2124

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2000

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht213444.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0213

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0408

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5458-1

Trust: 0.1

sources: VULHUB: VHN-413342 // PACKETSTORM: 166789 // PACKETSTORM: 166323 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 166516 // PACKETSTORM: 169576 // PACKETSTORM: 167368 // CNNVD: CNNVD-202201-2455 // NVD: CVE-2022-0359

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 166789 // PACKETSTORM: 166323 // PACKETSTORM: 166433 // PACKETSTORM: 166812 // PACKETSTORM: 166516

SOURCES

db:VULHUBid:VHN-413342
db:PACKETSTORMid:166789
db:PACKETSTORMid:166323
db:PACKETSTORMid:166433
db:PACKETSTORMid:166812
db:PACKETSTORMid:166516
db:PACKETSTORMid:169576
db:PACKETSTORMid:167368
db:CNNVDid:CNNVD-202201-2455
db:NVDid:CVE-2022-0359

LAST UPDATE DATE

2024-11-23T20:43:01.340000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-413342date:2022-11-09T00:00:00
db:CNNVDid:CNNVD-202201-2455date:2023-01-03T00:00:00
db:NVDid:CVE-2022-0359date:2024-11-21T06:38:27.263

SOURCES RELEASE DATE

db:VULHUBid:VHN-413342date:2022-01-26T00:00:00
db:PACKETSTORMid:166789date:2022-04-20T15:12:33
db:PACKETSTORMid:166323date:2022-03-15T15:50:42
db:PACKETSTORMid:166433date:2022-03-24T14:36:50
db:PACKETSTORMid:166812date:2022-04-21T15:12:25
db:PACKETSTORMid:166516date:2022-03-29T15:53:19
db:PACKETSTORMid:169576date:2022-10-31T14:42:57
db:PACKETSTORMid:167368date:2022-06-02T17:08:47
db:CNNVDid:CNNVD-202201-2455date:2022-01-26T00:00:00
db:NVDid:CVE-2022-0359date:2022-01-26T12:15:08.030