ID

VAR-202201-0370


CVE

CVE-2022-22827


TITLE

Expat  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002873

DESCRIPTION

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C language. Expat has a buffer overflow vulnerability in versions prior to 2.4.3. The vulnerability stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025) * argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730) * argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Background ========= Expat is a set of XML parsing libraries. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852) * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) * expat: integer overflow in the doProlog function (CVE-2022-23990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat JBoss Core Services on RHEL 7 Server: Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm Red Hat JBoss Core Services on RHEL 8: Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2022-22827 // JVNDB: JVNDB-2022-002873 // VULHUB: VHN-411553 // VULMON: CVE-2022-22827 // PACKETSTORM: 166431 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541

AFFECTED PRODUCTS

vendor:tenablemodel:nessusscope:ltversion:8.15.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.3

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:10.1.1

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:tenablemodel:nessusscope:gteversion:10.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:libexpatmodel:libexpatscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:tenablemodel:nessusscope: - version: -

Trust: 0.8

vendor:日立model:日立高信頼サーバ rv3000scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002873 // NVD: CVE-2022-22827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22827
value: HIGH

Trust: 1.0

NVD: CVE-2022-22827
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-643
value: HIGH

Trust: 0.6

VULHUB: VHN-411553
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22827
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22827
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411553
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22827
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-22827
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411553 // VULMON: CVE-2022-22827 // JVNDB: JVNDB-2022-002873 // CNNVD: CNNVD-202201-643 // NVD: CVE-2022-22827

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-411553 // JVNDB: JVNDB-2022-002873 // NVD: CVE-2022-22827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-643

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-643

PATCH

title:SSA-484086 Hitachi Server / Client Product Security Informationurl:https://www.debian.org/security/2022/dsa-5073

Trust: 0.8

title:Red Hat: CVE-2022-22827url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22827

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1730aaeace15912feb07b96b49c44c9a

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1603url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1603

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5073-1 expat -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1809url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1809

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Release of OpenShift Serverless Version 1.22.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updatesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-017url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-017

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2022-22827 // JVNDB: JVNDB-2022-002873

EXTERNAL IDS

db:NVDid:CVE-2022-22827

Trust: 3.8

db:OPENWALLid:OSS-SECURITY/2022/01/17/3

Trust: 1.7

db:SIEMENSid:SSA-484086

Trust: 1.7

db:TENABLEid:TNS-2022-05

Trust: 1.7

db:ICS CERTid:ICSA-22-167-17

Trust: 1.4

db:PACKETSTORMid:169541

Trust: 0.8

db:PACKETSTORMid:168578

Trust: 0.8

db:ICS CERTid:ICSA-23-278-01

Trust: 0.8

db:JVNid:JVNVU99030761

Trust: 0.8

db:JVNid:JVNVU97425465

Trust: 0.8

db:JVNDBid:JVNDB-2022-002873

Trust: 0.8

db:PACKETSTORMid:167008

Trust: 0.7

db:PACKETSTORMid:169788

Trust: 0.7

db:PACKETSTORMid:166496

Trust: 0.7

db:PACKETSTORMid:166976

Trust: 0.7

db:PACKETSTORMid:166348

Trust: 0.7

db:PACKETSTORMid:166437

Trust: 0.7

db:AUSCERTid:ESB-2022.0626

Trust: 0.6

db:AUSCERTid:ESB-2022.1677

Trust: 0.6

db:AUSCERTid:ESB-2022.1154

Trust: 0.6

db:AUSCERTid:ESB-2022.1263

Trust: 0.6

db:AUSCERTid:ESB-2022.3299

Trust: 0.6

db:AUSCERTid:ESB-2022.4174

Trust: 0.6

db:AUSCERTid:ESB-2022.0369

Trust: 0.6

db:AUSCERTid:ESB-2022.2165

Trust: 0.6

db:AUSCERTid:ESB-2022.0749

Trust: 0.6

db:CS-HELPid:SB2022032013

Trust: 0.6

db:CS-HELPid:SB2022031627

Trust: 0.6

db:CS-HELPid:SB2022021418

Trust: 0.6

db:CS-HELPid:SB2022072710

Trust: 0.6

db:CS-HELPid:SB2022072065

Trust: 0.6

db:CS-HELPid:SB2022060617

Trust: 0.6

db:CS-HELPid:SB2022032843

Trust: 0.6

db:CS-HELPid:SB2022070734

Trust: 0.6

db:CS-HELPid:SB2022041954

Trust: 0.6

db:CS-HELPid:SB2022011713

Trust: 0.6

db:CS-HELPid:SB2022022416

Trust: 0.6

db:CS-HELPid:SB2022070605

Trust: 0.6

db:CS-HELPid:SB2022020902

Trust: 0.6

db:CS-HELPid:SB2022033002

Trust: 0.6

db:CS-HELPid:SB2022032445

Trust: 0.6

db:CS-HELPid:SB2022042116

Trust: 0.6

db:CNNVDid:CNNVD-202201-643

Trust: 0.6

db:PACKETSTORMid:166431

Trust: 0.2

db:PACKETSTORMid:169540

Trust: 0.2

db:PACKETSTORMid:166433

Trust: 0.1

db:CNVDid:CNVD-2022-04544

Trust: 0.1

db:VULHUBid:VHN-411553

Trust: 0.1

db:VULMONid:CVE-2022-22827

Trust: 0.1

sources: VULHUB: VHN-411553 // VULMON: CVE-2022-22827 // JVNDB: JVNDB-2022-002873 // PACKETSTORM: 166431 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202201-643 // NVD: CVE-2022-22827

REFERENCES

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.7

url:https://www.tenable.com/security/tns-2022-05

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5073

Trust: 1.7

url:https://github.com/libexpat/libexpat/pull/539

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2022/01/17/3

Trust: 1.7

url:https://jvn.jp/vu/jvnvu99030761/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97425465/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072710

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031627

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1154

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022416

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041954

Trust: 0.6

url:https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271

Trust: 0.6

url:https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020902

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4174

Trust: 0.6

url:https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021418

Trust: 0.6

url:https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032843

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070605

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032445

Trust: 0.6

url:https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072065

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1263

Trust: 0.6

url:https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060617

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042116

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032013

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022033002

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011713

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2165

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0626

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3299

Trust: 0.6

url:https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0369

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1677

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070734

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40674

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7143

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-411553 // JVNDB: JVNDB-2022-002873 // PACKETSTORM: 166431 // PACKETSTORM: 168578 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202201-643 // NVD: CVE-2022-22827

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202201-643

SOURCES

db:VULHUBid:VHN-411553
db:VULMONid:CVE-2022-22827
db:JVNDBid:JVNDB-2022-002873
db:PACKETSTORMid:166431
db:PACKETSTORMid:168578
db:PACKETSTORMid:169540
db:PACKETSTORMid:169541
db:CNNVDid:CNNVD-202201-643
db:NVDid:CVE-2022-22827

LAST UPDATE DATE

2024-11-07T21:39:36.546000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411553date:2022-10-06T00:00:00
db:VULMONid:CVE-2022-22827date:2022-10-06T00:00:00
db:JVNDBid:JVNDB-2022-002873date:2023-10-10T06:07:00
db:CNNVDid:CNNVD-202201-643date:2022-11-09T00:00:00
db:NVDid:CVE-2022-22827date:2022-10-06T12:52:17.230

SOURCES RELEASE DATE

db:VULHUBid:VHN-411553date:2022-01-10T00:00:00
db:VULMONid:CVE-2022-22827date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-002873date:2023-01-19T00:00:00
db:PACKETSTORMid:166431date:2022-03-24T14:34:35
db:PACKETSTORMid:168578date:2022-09-30T14:56:43
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:PACKETSTORMid:169541date:2022-10-27T13:05:26
db:CNNVDid:CNNVD-202201-643date:2022-01-10T00:00:00
db:NVDid:CVE-2022-22827date:2022-01-10T14:12:57.363