ID

VAR-202202-0081


CVE

CVE-2022-25315


TITLE

Red Hat Security Advisory 2022-1070-01

Trust: 0.1

sources: PACKETSTORM: 166505

DESCRIPTION

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2 Advisory ID: RHSA-2022:1053-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:1053 Issue date: 2022-03-24 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux 8.5.0.3. (BZ#2048407) * Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 2034626 - Upgrade elfutils to elfutils-0.185-1.el8 2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2057048 - consume libvirt fix for: Failed to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by Too many open files from libvirtd 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: elfutils-0.185-1.el8.src.rpm redhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm x86_64: elfutils-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debugsource-0.185-1.el8.x86_64.rpm elfutils-devel-0.185-1.el8.x86_64.rpm elfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm elfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm redhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYjyObtzjgjWX9erEAQgVfRAAkn+C8psWL5puBda6ty9qD6KjY6BMGqH+ us3YStx9Dk/frDv1eRHtQd0pNNPfNNvah3Y/OraXEbX8DfiMczGL/3ESHXnlNl8b l0BE08QeJig4Q2WIOwcGyyB4jIepDt+bilDKSck+f84UN+mgk/Iqn8XvKE8WnRwk TebToONC7hwnSjdHt1XlF6pEqpAo5XOpwCfzpGNmVWvt3Ddgas2EE6eUkFNaKOBN UFe1ZTyvSgZpmr4Kxx7AoF3+CnnEJb8lCrRG71cVsPLHBAiwcEMOQN8yfCqj30il DhCWhchX7OcVwJBhOLUR87SheaUxhfLJAaieyW4gisbot5KbWZgM0GTt0Lr2/z7G CLuFzXwFZGjsljH7iXRjdDt/8D7CThMTF+6jkkW+jJuVYFyCh12OTAmSd9LJ8xB4 jfvj3ow7Gmrzn9QN67DcqTQ+DHWEvUScy8qfs0lAz1XatPi2tf2dNO/IxSdz/bV3 /mBkMOYbYPgSeT/6i7m2pp+3iXq6QZfAFIvVaqolVWZOuBbX8cU+XOUcrQvT+L5Y NNlrSJvxZ4VVaaHbqudizFYvkni12V8tQe7uPsNpTJi3iTc8ShtoTtGTiUPE7mff fhB9jEGy0yuIEg0VlokjRCEo5Q3D5xfPPQZeTOEiAciksQJn6PhjR9MuaxtXEYqq +Ej7k5UtzjI=TqDc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5085-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 Debian Bug : 1005894 1005895 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIVRKdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SL9w//RNie279tKBMcCgzAMRvLLaRJuNSs/akfBMFJ77Db4X/CSprrIseKoK8N Z0jA6pMK+AvY4NW+lhOKq3C1j5ZrtuudHdq17QJoJqBYcvl6vZjbwomr+aVhMg5E D3BwTC4jS9FDeo5eaxsq816gFaR6fEnRXCVeTIp7eu32dOzdf+9cqFBWJM5B3ivK F50Y+NH+tTq3tyjD983XxdFpO8w2hHkIlWQGJk550Qxuyww6gEyrr2fu7ixYNcB9 /+UDebxV4IDg5UnzEvcvR2acIX6oL3+HeKoRBj8D6IiA4hS+A2XReOnRZz5AulM8 pBHz+oJfoh+a/l7YBZ83Q7pmlXXvKcQQ0Z8gEURJhpbQkUdgfQROduzQVvbQdBxX Olq62vZXTi0W6FaKiCrY+PP//aCpflcl9zP1odU0grg/oWiVN6bZMUG/Fj+eZdRv TCJZTLvRGpMhvmISadKBtXcXcxXJYvijva7zqsDp+oRemiLwOytqNzyfmTUm1rff JvWLnyviQDtLcDq41+a+vI7wbwSZ/K8v5cUp8mWqw7TT28u0wcILKC+jLCo7GsrV tL71cV6hI7aw/VNziwSJsfs5Ei7jDchNQKoEJh/Z108EZnjeNBZr2PNhRoyvVaau mxgqrfbcayyjrw+EE12OaA7zpBv/DS7HR7mKU3O8DdFNI4J2w/E= =MVQQ -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2022-25315 // VULHUB: VHN-415282 // VULMON: CVE-2022-25315 // PACKETSTORM: 166505 // PACKETSTORM: 166431 // PACKETSTORM: 166414 // PACKETSTORM: 166453 // PACKETSTORM: 166516 // PACKETSTORM: 166291 // PACKETSTORM: 166348 // PACKETSTORM: 166954 // PACKETSTORM: 169228

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

sources: NVD: CVE-2022-25315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25315
value: CRITICAL

Trust: 1.0

VULHUB: VHN-415282
value: HIGH

Trust: 0.1

VULMON: CVE-2022-25315
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25315
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-415282
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-25315
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415282 // VULMON: CVE-2022-25315 // NVD: CVE-2022-25315

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-415282 // NVD: CVE-2022-25315

TYPE

overflow, code execution

Trust: 0.5

sources: PACKETSTORM: 166505 // PACKETSTORM: 166414 // PACKETSTORM: 166453 // PACKETSTORM: 166291 // PACKETSTORM: 166348

PATCH

title:Amazon Linux AMI: ALAS-2022-1570url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1570

Trust: 0.1

title:Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5320-1

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-25315

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1759url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1759

Trust: 0.1

title:Red Hat: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221053 - Security Advisory

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221068 - Security Advisory

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221309 - Security Advisory

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221070 - Security Advisory

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221012 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5085-1 expat -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=b32ad21c953fb4340d1a4cbd3394eb98

Trust: 0.1

title:Red Hat: Important: mingw-expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227811 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Virtualization 4.10.1 Images security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224668 - Security Advisory

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-036url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-036

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221739 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220816 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220824 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220818 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220817 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: firefox security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220815 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220850 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220847 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220853 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220845 - Security Advisory

Trust: 0.1

title:Red Hat: Important: thunderbird security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220843 - Security Advisory

Trust: 0.1

title:Red Hat: Important: expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory

Trust: 0.1

title:Red Hat: Important: RHV-H security update (redhat-virtualization-host) 4.3.22url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221263 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227143 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227144 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1779url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1779

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221622 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Release of OpenShift Serverless Version 1.22.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift GitOps security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updatesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-232url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-232

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory

Trust: 0.1

title:PoC in GitHuburl:https://github.com/manas3c/CVE-POC

Trust: 0.1

title:veracode-container-security-finding-parserurl:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2022-25315

EXTERNAL IDS

db:NVDid:CVE-2022-25315

Trust: 2.1

db:SIEMENSid:SSA-484086

Trust: 1.2

db:OPENWALLid:OSS-SECURITY/2022/02/19/1

Trust: 1.2

db:PACKETSTORMid:166505

Trust: 0.2

db:PACKETSTORMid:166453

Trust: 0.2

db:PACKETSTORMid:166954

Trust: 0.2

db:PACKETSTORMid:166348

Trust: 0.2

db:PACKETSTORMid:166291

Trust: 0.2

db:PACKETSTORMid:166414

Trust: 0.2

db:CNVDid:CNVD-2022-18355

Trust: 0.1

db:PACKETSTORMid:166277

Trust: 0.1

db:PACKETSTORMid:166293

Trust: 0.1

db:PACKETSTORMid:167226

Trust: 0.1

db:PACKETSTORMid:166276

Trust: 0.1

db:PACKETSTORMid:166296

Trust: 0.1

db:PACKETSTORMid:166500

Trust: 0.1

db:PACKETSTORMid:166496

Trust: 0.1

db:PACKETSTORMid:166983

Trust: 0.1

db:PACKETSTORMid:166254

Trust: 0.1

db:PACKETSTORMid:166298

Trust: 0.1

db:PACKETSTORMid:166261

Trust: 0.1

db:PACKETSTORMid:166275

Trust: 0.1

db:PACKETSTORMid:169777

Trust: 0.1

db:PACKETSTORMid:166437

Trust: 0.1

db:PACKETSTORMid:166300

Trust: 0.1

db:PACKETSTORMid:166274

Trust: 0.1

db:VULHUBid:VHN-415282

Trust: 0.1

db:ICS CERTid:ICSA-22-167-17

Trust: 0.1

db:VULMONid:CVE-2022-25315

Trust: 0.1

db:PACKETSTORMid:166431

Trust: 0.1

db:PACKETSTORMid:166516

Trust: 0.1

db:PACKETSTORMid:169228

Trust: 0.1

sources: VULHUB: VHN-415282 // VULMON: CVE-2022-25315 // PACKETSTORM: 166505 // PACKETSTORM: 166431 // PACKETSTORM: 166414 // PACKETSTORM: 166453 // PACKETSTORM: 166516 // PACKETSTORM: 166291 // PACKETSTORM: 166348 // PACKETSTORM: 166954 // PACKETSTORM: 169228 // NVD: CVE-2022-25315

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20220303-0008/

Trust: 1.2

url:https://www.debian.org/security/2022/dsa-5085

Trust: 1.2

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.2

url:https://github.com/libexpat/libexpat/pull/559

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

Trust: 1.2

url:http://www.openwall.com/lists/oss-security/2022/02/19/1

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 1.1

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0435

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1570.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5320-1

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1012

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1053

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0847

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26386

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26486

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26387

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26381

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26384

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26383

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26486

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26384

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26381

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0951

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8649

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25173

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8647

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8649

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0711

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25175

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1622

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25179

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8647

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25179

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25183

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:1621

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://security-tracker.debian.org/tracker/expat

Trust: 0.1

sources: VULHUB: VHN-415282 // VULMON: CVE-2022-25315 // PACKETSTORM: 166505 // PACKETSTORM: 166431 // PACKETSTORM: 166414 // PACKETSTORM: 166453 // PACKETSTORM: 166516 // PACKETSTORM: 166291 // PACKETSTORM: 166348 // PACKETSTORM: 166954 // PACKETSTORM: 169228 // NVD: CVE-2022-25315

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 166505 // PACKETSTORM: 166431 // PACKETSTORM: 166414 // PACKETSTORM: 166453 // PACKETSTORM: 166516 // PACKETSTORM: 166291 // PACKETSTORM: 166348 // PACKETSTORM: 166954

SOURCES

db:VULHUBid:VHN-415282
db:VULMONid:CVE-2022-25315
db:PACKETSTORMid:166505
db:PACKETSTORMid:166431
db:PACKETSTORMid:166414
db:PACKETSTORMid:166453
db:PACKETSTORMid:166516
db:PACKETSTORMid:166291
db:PACKETSTORMid:166348
db:PACKETSTORMid:166954
db:PACKETSTORMid:169228
db:NVDid:CVE-2022-25315

LAST UPDATE DATE

2024-11-07T20:22:14.023000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415282date:2022-10-05T00:00:00
db:VULMONid:CVE-2022-25315date:2023-11-07T00:00:00
db:NVDid:CVE-2022-25315date:2023-11-07T03:44:45.833

SOURCES RELEASE DATE

db:VULHUBid:VHN-415282date:2022-02-18T00:00:00
db:VULMONid:CVE-2022-25315date:2022-02-18T00:00:00
db:PACKETSTORMid:166505date:2022-03-28T15:55:49
db:PACKETSTORMid:166431date:2022-03-24T14:34:35
db:PACKETSTORMid:166414date:2022-03-23T15:58:43
db:PACKETSTORMid:166453date:2022-03-25T15:19:32
db:PACKETSTORMid:166516date:2022-03-29T15:53:19
db:PACKETSTORMid:166291date:2022-03-14T18:48:14
db:PACKETSTORMid:166348date:2022-03-17T15:51:32
db:PACKETSTORMid:166954date:2022-05-04T21:42:33
db:PACKETSTORMid:169228date:2022-02-28T20:12:00
db:NVDid:CVE-2022-25315date:2022-02-18T05:15:08.237