ID

VAR-202202-0081


CVE

CVE-2022-25315


TITLE

Red Hat Security Advisory 2022-1068-01

Trust: 0.1

sources: PACKETSTORM: 166500

DESCRIPTION

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Description: Expat is a C library for parsing XML documents. Summary: The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Critical: firefox security and bug fix update Advisory ID: RHSA-2022:0824-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0824 Issue date: 2022-03-10 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 CVE-2022-26485 CVE-2022-26486 ===================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fix(es): * Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485) * Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486) * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * Mozilla: Use-after-free in text reflows (CVE-2022-26381) * Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383) * Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384) * Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387) * Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2030190 - Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Server (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm ppc64: firefox-91.7.0-3.el7_9.ppc64.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64.rpm ppc64le: firefox-91.7.0-3.el7_9.ppc64le.rpm firefox-debuginfo-91.7.0-3.el7_9.ppc64le.rpm s390x: firefox-91.7.0-3.el7_9.s390x.rpm firefox-debuginfo-91.7.0-3.el7_9.s390x.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: firefox-91.7.0-3.el7_9.src.rpm x86_64: firefox-91.7.0-3.el7_9.x86_64.rpm firefox-debuginfo-91.7.0-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: firefox-91.7.0-3.el7_9.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/cve/CVE-2022-26381 https://access.redhat.com/security/cve/CVE-2022-26383 https://access.redhat.com/security/cve/CVE-2022-26384 https://access.redhat.com/security/cve/CVE-2022-26386 https://access.redhat.com/security/cve/CVE-2022-26387 https://access.redhat.com/security/cve/CVE-2022-26485 https://access.redhat.com/security/cve/CVE-2022-26486 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippANzjgjWX9erEAQhgNg//YsEjpISt7LhTnJY89mXCOcQ3RUkTFmkz 8daKpZZ7nnhuip5IdjS0NkHG0gy/TC3O4KgKu8J9ODgb5SaDyAbdPzDtQ4NlUn8S PzWLWTfJm9/nO3p/E7/x1k3vR5k6BPzhCOjHuuRhplQJjtKmZ/bZrvxNIoy4TD3R 2LPrxVOcgcIPFXnAIuZjQ0YyP6jySJOJVXJlcazPim1lK9QhrG0r0kryygZfb9mf ew6jjaVxaMRG4aLdBo5PG4sNSwEtiMLqGO7+DxdohF4AEPOpVgYxIvbIvLhOLMl9 SUrwFZnRGgoNmxBrvepgMljs1xEumBskupKZejmzsRsfM6SiCOCKAaWsJIiLN7BM 14aXwipLiCjFWkUkufUb+CXeTXDMv6kkAPpgOgyScCZ/gSGtpvC2OdXKGO7rki93 vs9eVM9awHrRmBKrM02/Y57q5Ct+R6ZjzCGLLq92Yjdi2QsuSRu9nZ2aQXcZixHL c8uZ9n5+FWGRXz8SZGgFKMwsYmroHsPuc+vs/Cpkc1l4B6D1bimkiyRE/PkZC0ky zEhKA1DPxrn7bxLAXO2SfTD1RHnsg9yxd70FKqCIVX3CSW7rcGNPbMTW1SMq/66x Lu+sApL9js/F1thqAX0OeVw6V+3x9jYE2egbkeb6d34oBr/aWXzwryD1mLSWCEX+ bKcbZLzdIk8= =OOuA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64 3. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2000478 - Using deprecated 1.25 API calls 2022742 - NNCP creation fails when node of a cluster is unavailable 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2028619 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+ 2029359 - NodeNetworkConfigurationPolicy refreshes all the conditions even if the policy has not gone to that state 2032837 - Add/remove label to priority class are not reconciled properly left HCO in Unknown status. 2033385 - Bug in kubernetes labels that are attached to the CNV logs 2038814 - [CNV-4.10-rhel9] hyperconverged-cluster-cli-download pod CrashLoopBackOff state 2039019 - Fix Top consumers dashboard 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2046686 - Importer pod keeps in retarting when dataimportcron has a reference to invalid image sha 2049990 - must-gather: must-gather is logging errors about upstream only namespaces 2053390 - No DataImportCron for CentOS 7 2054778 - PVC created with filesystem volume mode in some cases, instead of block volume mode 2054782 - DataImportCron status does not show failure when failing to create dataSource 2055304 - [4.10.z] nmstate interprets interface names as float64 and subsequently crashes on state update 2055950 - cnv installation should set empty node selector for openshift-cnv namespace 2056421 - non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume" 2056464 - nmstate-webhook pods getting scheduled on the same node 2056619 - [4.10.z] kubemacpool-mac-controller-manager not ready 2057142 - CDI aggregate roles missing some types 2057148 - Cross namespace smart clone may get stuck in NamespaceTransferInProgress phase 2057613 - nmpolicy capture - race condition when appying teardown nncp; nnce fails 2059185 - must-gather: Must-gather gather_vms_details is not working when used with a list of vms 2059613 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs 2062227 - sriovLiveMigration should not be enabled on sno clusters 2062321 - when update attempt of hco.spec with storage classes failed, csv git stuck in installing state 2063991 - On upgraded cluster, "v2v-vmware" is present under hco.status.relatedObject 2065308 - CNV disables LiveMigration FG, but leaves LiveMigration workloadUpdateStrategy enabled 2065743 - 4.10.1 containers 2065755 - 4.10.1 rpms 2066086 - DataImportCrons do not automatically recover from unconfigured default storage class 2066712 - [4.10.z] Migration of vm from VMware reports pvc not large enough 2069055 - [4.10.z] On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop 2070050 - [4.10.1] Custom guest PCI address and boot order parameters are not respected in a list of multiple SR-IOV NICs 2073880 - Cannot create VM on SNO cluster as live migration feature is not enabled 2077920 - Migration in sequence can be reported as failed even when it succeeded 2078878 - SSP: Common templates fix to pick right templates 5

Trust: 1.8

sources: NVD: CVE-2022-25315 // VULHUB: VHN-415282 // PACKETSTORM: 166500 // PACKETSTORM: 166789 // PACKETSTORM: 166638 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 167226

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

sources: NVD: CVE-2022-25315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25315
value: CRITICAL

Trust: 1.0

VULHUB: VHN-415282
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-25315
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-415282
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-25315
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415282 // NVD: CVE-2022-25315

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-415282 // NVD: CVE-2022-25315

TYPE

overflow, code execution

Trust: 0.7

sources: PACKETSTORM: 166500 // PACKETSTORM: 166638 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274

EXTERNAL IDS

db:NVDid:CVE-2022-25315

Trust: 2.0

db:SIEMENSid:SSA-484086

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2022/02/19/1

Trust: 1.1

db:PACKETSTORMid:166277

Trust: 0.2

db:PACKETSTORMid:167226

Trust: 0.2

db:PACKETSTORMid:166276

Trust: 0.2

db:PACKETSTORMid:166500

Trust: 0.2

db:PACKETSTORMid:166261

Trust: 0.2

db:PACKETSTORMid:166275

Trust: 0.2

db:PACKETSTORMid:166274

Trust: 0.2

db:CNVDid:CNVD-2022-18355

Trust: 0.1

db:PACKETSTORMid:166293

Trust: 0.1

db:PACKETSTORMid:166296

Trust: 0.1

db:PACKETSTORMid:166505

Trust: 0.1

db:PACKETSTORMid:166453

Trust: 0.1

db:PACKETSTORMid:166496

Trust: 0.1

db:PACKETSTORMid:166983

Trust: 0.1

db:PACKETSTORMid:166254

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:PACKETSTORMid:166298

Trust: 0.1

db:PACKETSTORMid:166348

Trust: 0.1

db:PACKETSTORMid:169777

Trust: 0.1

db:PACKETSTORMid:166291

Trust: 0.1

db:PACKETSTORMid:166437

Trust: 0.1

db:PACKETSTORMid:166414

Trust: 0.1

db:PACKETSTORMid:166300

Trust: 0.1

db:VULHUBid:VHN-415282

Trust: 0.1

db:PACKETSTORMid:166789

Trust: 0.1

db:PACKETSTORMid:166638

Trust: 0.1

sources: VULHUB: VHN-415282 // PACKETSTORM: 166500 // PACKETSTORM: 166789 // PACKETSTORM: 166638 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 167226 // NVD: CVE-2022-25315

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20220303-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5085

Trust: 1.1

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.1

url:https://github.com/libexpat/libexpat/pull/559

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2022/02/19/1

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.8

url:https://access.redhat.com/security/team/key/

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-26485

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26386

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26387

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26386

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26383

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26486

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26387

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26381

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26384

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26383

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26485

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26486

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-26384

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-26381

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41190

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22817

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44716

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1396

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3577

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3577

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21684

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4083

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45417

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45417

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/articles/2974891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1263

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4083

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4155

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0824

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0818

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0815

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0816

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4668

Trust: 0.1

sources: VULHUB: VHN-415282 // PACKETSTORM: 166500 // PACKETSTORM: 166789 // PACKETSTORM: 166638 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 167226 // NVD: CVE-2022-25315

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 166500 // PACKETSTORM: 166789 // PACKETSTORM: 166638 // PACKETSTORM: 166261 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 167226

SOURCES

db:VULHUBid:VHN-415282
db:PACKETSTORMid:166500
db:PACKETSTORMid:166789
db:PACKETSTORMid:166638
db:PACKETSTORMid:166261
db:PACKETSTORMid:166277
db:PACKETSTORMid:166276
db:PACKETSTORMid:166275
db:PACKETSTORMid:166274
db:PACKETSTORMid:167226
db:NVDid:CVE-2022-25315

LAST UPDATE DATE

2024-11-20T21:39:26.447000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415282date:2022-10-05T00:00:00
db:NVDid:CVE-2022-25315date:2023-11-07T03:44:45.833

SOURCES RELEASE DATE

db:VULHUBid:VHN-415282date:2022-02-18T00:00:00
db:PACKETSTORMid:166500date:2022-03-28T15:55:03
db:PACKETSTORMid:166789date:2022-04-20T15:12:33
db:PACKETSTORMid:166638date:2022-04-07T16:39:57
db:PACKETSTORMid:166261date:2022-03-11T16:21:19
db:PACKETSTORMid:166277date:2022-03-11T16:37:50
db:PACKETSTORMid:166276date:2022-03-11T16:37:42
db:PACKETSTORMid:166275date:2022-03-11T16:37:32
db:PACKETSTORMid:166274date:2022-03-11T16:37:24
db:PACKETSTORMid:167226date:2022-05-19T15:53:21
db:NVDid:CVE-2022-25315date:2022-02-18T05:15:08.237