ID

VAR-202202-0906


CVE

CVE-2022-23308


TITLE

Red Hat Security Advisory 2022-0899-01

Trust: 0.1

sources: PACKETSTORM: 166327

DESCRIPTION

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2022:0899-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0899 Issue date: 2022-03-15 CVE Names: CVE-2022-23308 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: libxml2-debuginfo-2.9.7-12.el8_5.aarch64.rpm libxml2-debugsource-2.9.7-12.el8_5.aarch64.rpm libxml2-devel-2.9.7-12.el8_5.aarch64.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.aarch64.rpm ppc64le: libxml2-debuginfo-2.9.7-12.el8_5.ppc64le.rpm libxml2-debugsource-2.9.7-12.el8_5.ppc64le.rpm libxml2-devel-2.9.7-12.el8_5.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.ppc64le.rpm s390x: libxml2-debuginfo-2.9.7-12.el8_5.s390x.rpm libxml2-debugsource-2.9.7-12.el8_5.s390x.rpm libxml2-devel-2.9.7-12.el8_5.s390x.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.s390x.rpm x86_64: libxml2-debuginfo-2.9.7-12.el8_5.i686.rpm libxml2-debuginfo-2.9.7-12.el8_5.x86_64.rpm libxml2-debugsource-2.9.7-12.el8_5.i686.rpm libxml2-debugsource-2.9.7-12.el8_5.x86_64.rpm libxml2-devel-2.9.7-12.el8_5.i686.rpm libxml2-devel-2.9.7-12.el8_5.x86_64.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.i686.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: libxml2-2.9.7-12.el8_5.src.rpm aarch64: libxml2-2.9.7-12.el8_5.aarch64.rpm libxml2-debuginfo-2.9.7-12.el8_5.aarch64.rpm libxml2-debugsource-2.9.7-12.el8_5.aarch64.rpm python3-libxml2-2.9.7-12.el8_5.aarch64.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.aarch64.rpm ppc64le: libxml2-2.9.7-12.el8_5.ppc64le.rpm libxml2-debuginfo-2.9.7-12.el8_5.ppc64le.rpm libxml2-debugsource-2.9.7-12.el8_5.ppc64le.rpm python3-libxml2-2.9.7-12.el8_5.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.ppc64le.rpm s390x: libxml2-2.9.7-12.el8_5.s390x.rpm libxml2-debuginfo-2.9.7-12.el8_5.s390x.rpm libxml2-debugsource-2.9.7-12.el8_5.s390x.rpm python3-libxml2-2.9.7-12.el8_5.s390x.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.s390x.rpm x86_64: libxml2-2.9.7-12.el8_5.i686.rpm libxml2-2.9.7-12.el8_5.x86_64.rpm libxml2-debuginfo-2.9.7-12.el8_5.i686.rpm libxml2-debuginfo-2.9.7-12.el8_5.x86_64.rpm libxml2-debugsource-2.9.7-12.el8_5.i686.rpm libxml2-debugsource-2.9.7-12.el8_5.x86_64.rpm python3-libxml2-2.9.7-12.el8_5.x86_64.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.i686.rpm python3-libxml2-debuginfo-2.9.7-12.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms 1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c 1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c 1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c 1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode 2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling 6. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 General Availability release images, which provide security and container updates. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libxml2: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #833809, #842261, #865727 ID: 202210-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in libxml2, the worst of which could result in arbitrary code execution. Background ========== libxml2 is the XML C parser and toolkit developed for the GNOME project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.10.2 >= 2.10.2 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2" References ========== [ 1 ] CVE-2022-23308 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 [ 2 ] CVE-2022-29824 https://nvd.nist.gov/vuln/detail/CVE-2022-29824 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. ========================================================================== Ubuntu Security Notice USN-5422-1 May 16, 2022 libxml2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in libxml2. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libxml2 2.9.13+dfsg-1ubuntu0.1 libxml2-utils 2.9.13+dfsg-1ubuntu0.1 Ubuntu 21.10: libxml2 2.9.12+dfsg-4ubuntu0.2 libxml2-utils 2.9.12+dfsg-4ubuntu0.2 Ubuntu 20.04 LTS: libxml2 2.9.10+dfsg-5ubuntu0.20.04.3 libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.3 Ubuntu 18.04 LTS: libxml2 2.9.4+dfsg1-6.1ubuntu1.6 libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.6 Ubuntu 16.04 ESM: libxml2 2.9.3+dfsg1-1ubuntu0.7+esm2 libxml2-utils 2.9.3+dfsg1-1ubuntu0.7+esm2 Ubuntu 14.04 ESM: libxml2 2.9.1+dfsg1-3ubuntu4.13+esm3 libxml2-utils 2.9.1+dfsg1-3ubuntu4.13+esm3 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-6 tvOS 15.5 tvOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213254. AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AuthKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A local user may be able to enable iCloud Photos without authentication Description: An authentication issue was addressed with improved state management. CVE-2022-26724: Jorge A. Caballero (@DataDrivenMD) AVEVideoEncoder Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher DriverKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher IOSurfaceAccelerator Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Security Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9 dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2 JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6 TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht 7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc= =G3ho -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2022-23308 // VULHUB: VHN-412332 // PACKETSTORM: 166327 // PACKETSTORM: 166437 // PACKETSTORM: 166805 // PACKETSTORM: 166516 // PACKETSTORM: 166304 // PACKETSTORM: 168719 // PACKETSTORM: 167008 // PACKETSTORM: 167184 // PACKETSTORM: 167194

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.4

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.5

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.1

Trust: 1.0

vendor:netappmodel:bootstrap osscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15.0

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.13

Trust: 1.0

vendor:netappmodel:snapdrivescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:mysql workbenchscope:lteversion:8.0.29

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:netappmodel:manageability software development kitscope:eqversion: -

Trust: 1.0

vendor:netappmodel:smi-s providerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.2.0

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:oraclemodel:communications cloud native core network function cloud native environmentscope:eqversion:22.1.0

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:22.2.0

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.6.0

Trust: 1.0

sources: NVD: CVE-2022-23308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23308
value: HIGH

Trust: 1.0

VULHUB: VHN-412332
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-23308
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-412332
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-23308
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-412332 // NVD: CVE-2022-23308

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

sources: VULHUB: VHN-412332 // NVD: CVE-2022-23308

TYPE

arbitrary

Trust: 0.2

sources: PACKETSTORM: 166304 // PACKETSTORM: 167184

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-412332

EXTERNAL IDS

db:NVDid:CVE-2022-23308

Trust: 2.0

db:PACKETSTORMid:167008

Trust: 0.2

db:PACKETSTORMid:166437

Trust: 0.2

db:PACKETSTORMid:168719

Trust: 0.2

db:PACKETSTORMid:167194

Trust: 0.2

db:PACKETSTORMid:167184

Trust: 0.2

db:PACKETSTORMid:166304

Trust: 0.2

db:PACKETSTORMid:166327

Trust: 0.2

db:PACKETSTORMid:166431

Trust: 0.1

db:PACKETSTORMid:166433

Trust: 0.1

db:PACKETSTORMid:167188

Trust: 0.1

db:PACKETSTORMid:167185

Trust: 0.1

db:PACKETSTORMid:167189

Trust: 0.1

db:PACKETSTORMid:167193

Trust: 0.1

db:PACKETSTORMid:167186

Trust: 0.1

db:VULHUBid:VHN-412332

Trust: 0.1

db:PACKETSTORMid:166805

Trust: 0.1

db:PACKETSTORMid:166516

Trust: 0.1

sources: VULHUB: VHN-412332 // PACKETSTORM: 166327 // PACKETSTORM: 166437 // PACKETSTORM: 166805 // PACKETSTORM: 166516 // PACKETSTORM: 166304 // PACKETSTORM: 168719 // PACKETSTORM: 167008 // PACKETSTORM: 167184 // PACKETSTORM: 167194 // NVD: CVE-2022-23308

REFERENCES

url:https://security.gentoo.org/glsa/202210-03

Trust: 1.2

url:https://github.com/gnome/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20220331-0008/

Trust: 1.1

url:https://support.apple.com/kb/ht213253

Trust: 1.1

url:https://support.apple.com/kb/ht213254

Trust: 1.1

url:https://support.apple.com/kb/ht213255

Trust: 1.1

url:https://support.apple.com/kb/ht213256

Trust: 1.1

url:https://support.apple.com/kb/ht213257

Trust: 1.1

url:https://support.apple.com/kb/ht213258

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/34

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/38

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/35

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/33

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/36

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/may/37

Trust: 1.1

url:https://gitlab.gnome.org/gnome/libxml2/-/blob/v2.9.13/news

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/la3mwwayzadwj5f6joubx65uzamqb7rf/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29824

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/la3mwwayzadwj5f6joubx65uzamqb7rf/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0899

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0847

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0492

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.12+dfsg-4ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.5

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5324-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.2

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1747

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41772

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.6

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5422-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.12+dfsg-4ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26701

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26740

Trust: 0.1

url:https://support.apple.com/ht213254.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26724

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26765

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26768

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

sources: VULHUB: VHN-412332 // PACKETSTORM: 166327 // PACKETSTORM: 166437 // PACKETSTORM: 166805 // PACKETSTORM: 166516 // PACKETSTORM: 166304 // PACKETSTORM: 168719 // PACKETSTORM: 167008 // PACKETSTORM: 167184 // PACKETSTORM: 167194 // NVD: CVE-2022-23308

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 166327 // PACKETSTORM: 166437 // PACKETSTORM: 166805 // PACKETSTORM: 166516 // PACKETSTORM: 167008

SOURCES

db:VULHUBid:VHN-412332
db:PACKETSTORMid:166327
db:PACKETSTORMid:166437
db:PACKETSTORMid:166805
db:PACKETSTORMid:166516
db:PACKETSTORMid:166304
db:PACKETSTORMid:168719
db:PACKETSTORMid:167008
db:PACKETSTORMid:167184
db:PACKETSTORMid:167194
db:NVDid:CVE-2022-23308

LAST UPDATE DATE

2024-11-20T20:45:50.942000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-412332date:2022-11-02T00:00:00
db:NVDid:CVE-2022-23308date:2023-11-07T03:44:08.253

SOURCES RELEASE DATE

db:VULHUBid:VHN-412332date:2022-02-26T00:00:00
db:PACKETSTORMid:166327date:2022-03-16T16:44:24
db:PACKETSTORMid:166437date:2022-03-24T14:40:17
db:PACKETSTORMid:166805date:2022-04-21T15:10:14
db:PACKETSTORMid:166516date:2022-03-29T15:53:19
db:PACKETSTORMid:166304date:2022-03-14T18:59:28
db:PACKETSTORMid:168719date:2022-10-17T13:50:28
db:PACKETSTORMid:167008date:2022-05-10T14:49:09
db:PACKETSTORMid:167184date:2022-05-17T16:57:29
db:PACKETSTORMid:167194date:2022-05-17T17:06:48
db:NVDid:CVE-2022-23308date:2022-02-26T05:15:08.280