ID

VAR-202202-0050


CVE

CVE-2022-25235


TITLE

Red Hat Security Advisory 2022-1039-01

Trust: 0.1

sources: PACKETSTORM: 166437

DESCRIPTION

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Expat is a fast streaming XML parser written in C. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * Mozilla: Use-after-free in text reflows (CVE-2022-26381) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383) * Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384) * Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387) * Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64 3. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 6

Trust: 1.8

sources: NVD: CVE-2022-25235 // VULHUB: VHN-415126 // PACKETSTORM: 166437 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166844 // PACKETSTORM: 169540 // PACKETSTORM: 169541

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

sources: NVD: CVE-2022-25235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25235
value: CRITICAL

Trust: 1.0

VULHUB: VHN-415126
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25235
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-415126
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-25235
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415126 // NVD: CVE-2022-25235

PROBLEMTYPE DATA

problemtype:CWE-116

Trust: 1.1

sources: VULHUB: VHN-415126 // NVD: CVE-2022-25235

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 166844

TYPE

overflow, code execution

Trust: 0.7

sources: PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 169540 // PACKETSTORM: 169541

EXTERNAL IDS

db:NVDid:CVE-2022-25235

Trust: 2.0

db:SIEMENSid:SSA-484086

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2022/02/19/1

Trust: 1.1

db:PACKETSTORMid:166277

Trust: 0.2

db:PACKETSTORMid:166276

Trust: 0.2

db:PACKETSTORMid:166261

Trust: 0.2

db:PACKETSTORMid:166275

Trust: 0.2

db:PACKETSTORMid:166437

Trust: 0.2

db:PACKETSTORMid:166274

Trust: 0.2

db:PACKETSTORMid:166293

Trust: 0.1

db:PACKETSTORMid:167226

Trust: 0.1

db:PACKETSTORMid:166433

Trust: 0.1

db:PACKETSTORMid:166505

Trust: 0.1

db:PACKETSTORMid:166500

Trust: 0.1

db:PACKETSTORMid:166296

Trust: 0.1

db:PACKETSTORMid:166453

Trust: 0.1

db:PACKETSTORMid:167008

Trust: 0.1

db:PACKETSTORMid:166496

Trust: 0.1

db:PACKETSTORMid:166983

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:PACKETSTORMid:166298

Trust: 0.1

db:PACKETSTORMid:166348

Trust: 0.1

db:PACKETSTORMid:169777

Trust: 0.1

db:PACKETSTORMid:166291

Trust: 0.1

db:PACKETSTORMid:166414

Trust: 0.1

db:PACKETSTORMid:168578

Trust: 0.1

db:PACKETSTORMid:166300

Trust: 0.1

db:CNVDid:CNVD-2022-18356

Trust: 0.1

db:VULHUBid:VHN-415126

Trust: 0.1

db:PACKETSTORMid:166844

Trust: 0.1

db:PACKETSTORMid:169540

Trust: 0.1

db:PACKETSTORMid:169541

Trust: 0.1

sources: VULHUB: VHN-415126 // PACKETSTORM: 166437 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166844 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // NVD: CVE-2022-25235

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20220303-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5085

Trust: 1.1

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.1

url:https://github.com/libexpat/libexpat/pull/562

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2022/02/19/1

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 1.0

url:https://access.redhat.com/articles/11258

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.9

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26485

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26386

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26387

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26386

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26383

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26486

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26387

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26381

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26384

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26383

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26485

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26486

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26384

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26381

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1039

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0824

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0818

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0815

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0816

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0817

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1539

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7143

Trust: 0.1

sources: VULHUB: VHN-415126 // PACKETSTORM: 166437 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166844 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // NVD: CVE-2022-25235

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 166437 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166844 // PACKETSTORM: 169540 // PACKETSTORM: 169541

SOURCES

db:VULHUBid:VHN-415126
db:PACKETSTORMid:166437
db:PACKETSTORMid:166261
db:PACKETSTORMid:166277
db:PACKETSTORMid:166276
db:PACKETSTORMid:166275
db:PACKETSTORMid:166274
db:PACKETSTORMid:166844
db:PACKETSTORMid:169540
db:PACKETSTORMid:169541
db:NVDid:CVE-2022-25235

LAST UPDATE DATE

2024-11-07T20:14:36.494000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415126date:2022-10-07T00:00:00
db:NVDid:CVE-2022-25235date:2023-11-07T03:44:44.940

SOURCES RELEASE DATE

db:VULHUBid:VHN-415126date:2022-02-16T00:00:00
db:PACKETSTORMid:166437date:2022-03-24T14:40:17
db:PACKETSTORMid:166261date:2022-03-11T16:21:19
db:PACKETSTORMid:166277date:2022-03-11T16:37:50
db:PACKETSTORMid:166276date:2022-03-11T16:37:42
db:PACKETSTORMid:166275date:2022-03-11T16:37:32
db:PACKETSTORMid:166274date:2022-03-11T16:37:24
db:PACKETSTORMid:166844date:2022-04-27T17:30:03
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:PACKETSTORMid:169541date:2022-10-27T13:05:26
db:NVDid:CVE-2022-25235date:2022-02-16T01:15:07.607