ID

VAR-202203-0129


CVE

CVE-2022-22662


TITLE

Apple iOS and Apple iPadOS Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1238

DESCRIPTION

A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661) An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.. This issue is fixed in iOS 12.5.3. Apple is aware of a report that this issue may have been actively exploited.. A malicious website may be able to access restricted ports on arbitrary servers. This issue is fixed in iOS 12.5.4. Apple is aware of a report that this issue may have been actively exploited.. This issue is fixed in iOS 12.5.4. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. (CVE-2021-30849) A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed. (CVE-2021-30951) An integer overflow was addressed with improved input validation. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-3 tvOS 15.4 tvOS 15.4 addresses the following issues. CVE-2022-22666: Marc Schoenefeld, Dr. rer. nat. AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-22634: an anonymous researcher AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22635: an anonymous researcher AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22612: Xingyu Jin of Google IOGPUFamily Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn MediaRemote Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to identify what other applications a user has installed Description: An access issue was addressed with improved access restrictions. CVE-2022-22670: Brandon Azad Preferences Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Sandbox Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran UIKit Available for: Apple TV 4K and Apple TV HD Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Additional recognition Bluetooth We would like to acknowledge an anonymous researcher for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIvyxIACgkQeC9qKD1p rhhDUg//VwUVUUj92pmEmjbj52uKnb1RZohn9dfkA9bESMzRy7wFwMUN973V2SPw T6JpgCab0ZVNxBIfEXJq7wbi2Io08N0UMCE5GPNV0QL79x6ZmYwZREZwdHghrHGh ggQtmYSZPipKLhvVOyXF7PamqHonnibbvfC/iWJSySnmPxQoHG7DoCzrX0wOnVBw dkHEstKVo3eo2/OG/mGhYZw/g8EIAIDQbgP4XTD/m3hRnXbRMFff+7PgaE8cZzdY 45q8ExwqNOTdFoeqsKNmPBIzZJau9fWlekUlGpPXC1ASsiXmiptwvy07RbNLZ1N2 j2lFcLj7Ikzwiwsd7MBIFAMP0OWrT4Ds6YWdcgNX2iBkNoheqqt7AP4kOUnDP28Z VXUriTbra9oPM0ctbZTBrmj7xiYjLbMJ4GRu2kIyGyTG9Wu9xEa3KH5Po1OR1Pxg zG4gXdRIE241E26uee648uIFHhxRcgSdygXANnzkFv5/YslqQdccRD1F6FrJwqgn V+ZFZ17zUhGW37F6Dmnd9LIo9GuiLl14qr1qfUoaQ+J+il2EV1UAv780wxQOuc4I ZnvU4rEjaGmHwSh4/GDUTRFkI/fiA39WYpPkgXKN5yqHJG7AGENaROz3jnOxr/xU JlVOleG7Z6MGdLwHG1i4QaBYrzadFZM20WsEOZ2twQzTVMQUyGk=qxuS -----END PGP SIGNATURE----- . Summary: OpenShift API for Data Protection (OADP) 1.1.2 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from Bugzilla: * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC 6. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images: Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798) * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. RHEL-8-CNV-4.12 ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89 3. Bugs fixed (https://bugzilla.redhat.com/): 1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates` 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container 5. Bugs fixed (https://bugzilla.redhat.com/): 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 5. JIRA issues fixed (https://issues.jboss.org/): LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3252 - [release-5.4]Adding Valid Subscription Annotation 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2022:8054-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8054 Issue date: 2022-11-15 CVE Names: CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 ==================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: webkit2gtk3-2.36.7-1.el9.src.rpm aarch64: webkit2gtk3-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.aarch64.rpm ppc64le: webkit2gtk3-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.ppc64le.rpm s390x: webkit2gtk3-2.36.7-1.el9.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.s390x.rpm x86_64: webkit2gtk3-2.36.7-1.el9.i686.rpm webkit2gtk3-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el9.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. This advisory covers container images for the release. JIRA issues fixed (https://issues.jboss.org/): OSSM-1977 - Support for Istio Gateway API in Kiali OSSM-2083 - Update maistra/istio 2.3 to Istio 1.14.5 OSSM-2147 - Unexpected validation message on Gateway object OSSM-2169 - Member controller doesn't retry on conflict OSSM-2170 - Member namespaces aren't cleaned up when a cluster-scoped SMMR is deleted OSSM-2179 - Wasm plugins only support OCI images with 1 layer OSSM-2184 - Istiod isn't allowed to delete analysis distribution report configmap OSSM-2188 - Member namespaces not cleaned up when SMCP is deleted OSSM-2189 - If multiple SMCPs exist in a namespace, the controller reconciles them all OSSM-2190 - The memberroll controller reconciles SMMRs with invalid name OSSM-2232 - The member controller reconciles ServiceMeshMember with invalid name OSSM-2241 - Remove v2.0 from Create ServiceMeshControlPlane Form OSSM-2251 - CVE-2022-3962 openshift-istio-kiali-container: kiali: content spoofing [ossm-2.3] OSSM-2308 - add root CA certificates to kiali container OSSM-2315 - be able to customize openshift auth timeouts OSSM-2324 - Gateway injection does not work when pods are created by cluster admins OSSM-2335 - Potential hang using Traces scatterplot chart OSSM-2338 - Federation deployment does not need router mode sni-dnat OSSM-2344 - Restarting istiod causes Kiali to flood CRI-O with port-forward requests OSSM-2375 - Istiod should log member namespaces on every update OSSM-2376 - ServiceMesh federation stops working after the restart of istiod pod OSSM-535 - Support validationMessages in SMCP OSSM-827 - ServiceMeshMembers point to wrong SMCP name 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/ Bugs addressed: * clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679) * RHACM 2.6.3 images (BZ# 2139085) Security fixes: * CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function Security * CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 3. Bugs fixed (https://bugzilla.redhat.com/): 2129679 - clusters belong to global clusterset is not selected by placement when rescheduling 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2139085 - RHACM 2.6.3 images 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 5

Trust: 1.71

sources: NVD: CVE-2022-22662 // VULHUB: VHN-411290 // VULMON: CVE-2022-22662 // PACKETSTORM: 166316 // PACKETSTORM: 171310 // PACKETSTORM: 170741 // PACKETSTORM: 169920 // PACKETSTORM: 169889 // PACKETSTORM: 170806 // PACKETSTORM: 170242

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

sources: NVD: CVE-2022-22662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22662
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202203-1238
value: MEDIUM

Trust: 0.6

VULHUB: VHN-411290
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22662
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22662
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-411290
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22662
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-411290 // VULMON: CVE-2022-22662 // CNNVD: CNNVD-202203-1238 // NVD: CVE-2022-22662

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-668

Trust: 0.1

sources: VULHUB: VHN-411290 // NVD: CVE-2022-22662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1238

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202203-1238

PATCH

title:Apple iOS and Apple iPadOS Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=194224

Trust: 0.6

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22662

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-22662

Trust: 0.1

title:Red Hat: Moderate: webkit2gtk3 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228054 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Service Binding Operator security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230918 - Security Advisory

Trust: 0.1

title:Red Hat: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related imagesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228964 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227435 - Security Advisory

Trust: 0.1

title:Apple: macOS Big Sur 11.6.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=4c90c4b83ae5b2687f4b5d9d71e49f12

Trust: 0.1

title:Red Hat: Moderate: Release of OpenShift Serverless 1.27.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230709 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Release of OpenShift Serverless 1.26.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228938 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230795 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHSA: Submariner 0.14 - bug fix and security updatesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230631 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230584 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Migration Toolkit for Runtimes security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230470 - Security Advisory

Trust: 0.1

title:Apple: iOS 15.4 and iPadOS 15.4url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=14b60b166a667fc4faf52d81847a180a

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Service Mesh 2.3.1 Containers security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230542 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231174 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20229047 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228750 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Migration Toolkit for Applications security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230934 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Advanced Cluster Management 2.6.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20229040 - Security Advisory

Trust: 0.1

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:Red Hat: Important: OpenShift Virtualization 4.12.0 Images security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230408 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228889 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228781 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2088url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2088

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22662 // CNNVD: CNNVD-202203-1238

EXTERNAL IDS

db:NVDid:CVE-2022-22662

Trust: 2.5

db:OPENWALLid:OSS-SECURITY/2022/07/05/3

Trust: 1.8

db:PACKETSTORMid:169920

Trust: 0.8

db:PACKETSTORMid:169889

Trust: 0.8

db:PACKETSTORMid:170210

Trust: 0.7

db:PACKETSTORMid:166318

Trust: 0.7

db:PACKETSTORMid:169760

Trust: 0.7

db:PACKETSTORMid:170956

Trust: 0.7

db:PACKETSTORMid:168226

Trust: 0.7

db:CS-HELPid:SB2022031439

Trust: 0.6

db:CS-HELPid:SB2022070510

Trust: 0.6

db:CS-HELPid:SB2022072529

Trust: 0.6

db:AUSCERTid:ESB-2022.3595

Trust: 0.6

db:AUSCERTid:ESB-2022.6434

Trust: 0.6

db:AUSCERTid:ESB-2023.0818

Trust: 0.6

db:AUSCERTid:ESB-2023.1467

Trust: 0.6

db:AUSCERTid:ESB-2022.3596

Trust: 0.6

db:AUSCERTid:ESB-2022.6290

Trust: 0.6

db:CNNVDid:CNNVD-202203-1238

Trust: 0.6

db:PACKETSTORMid:166316

Trust: 0.2

db:PACKETSTORMid:171026

Trust: 0.1

db:PACKETSTORMid:166312

Trust: 0.1

db:PACKETSTORMid:170898

Trust: 0.1

db:PACKETSTORMid:166314

Trust: 0.1

db:PACKETSTORMid:171144

Trust: 0.1

db:PACKETSTORMid:166315

Trust: 0.1

db:VULHUBid:VHN-411290

Trust: 0.1

db:VULMONid:CVE-2022-22662

Trust: 0.1

db:PACKETSTORMid:171310

Trust: 0.1

db:PACKETSTORMid:170741

Trust: 0.1

db:PACKETSTORMid:170806

Trust: 0.1

db:PACKETSTORMid:170242

Trust: 0.1

sources: VULHUB: VHN-411290 // VULMON: CVE-2022-22662 // PACKETSTORM: 166316 // PACKETSTORM: 171310 // PACKETSTORM: 170741 // PACKETSTORM: 169920 // PACKETSTORM: 169889 // PACKETSTORM: 170806 // PACKETSTORM: 170242 // CNNVD: CNNVD-202203-1238 // NVD: CVE-2022-22662

REFERENCES

url:https://security.gentoo.org/glsa/202208-39

Trust: 1.8

url:https://support.apple.com/en-us/ht213184

Trust: 1.8

url:https://support.apple.com/en-us/ht213185

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2022/07/05/3

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/annhxxarvbrgi74tvqnzoag6p7agsmuj/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33bwwaqllbhkgsi332zzcortfz2xloih/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33bwwaqllbhkgsi332zzcortfz2xloih/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/annhxxarvbrgi74tvqnzoag6p7agsmuj/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.6

url:https://packetstormsecurity.com/files/166318/apple-security-advisory-2022-03-14-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/170210/red-hat-security-advisory-2022-8964-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-three-vulnerabilities-38837

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070510

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031439

Trust: 0.6

url:https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169920/red-hat-security-advisory-2022-7435-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1467

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6290

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22662/

Trust: 0.6

url:https://packetstormsecurity.com/files/169889/red-hat-security-advisory-2022-8054-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072529

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6434

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3595

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3596

Trust: 0.6

url:https://support.apple.com/en-us/ht213182

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0818

Trust: 0.6

url:https://packetstormsecurity.com/files/170956/red-hat-security-advisory-2023-0709-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169760/red-hat-security-advisory-2022-7704-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:8054

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25310

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25309

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30632

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28131

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30633

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1705

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30630

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1962

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30635

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32148

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2023-2088.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22609

Trust: 0.1

url:https://support.apple.com/ht213186.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22670

Trust: 0.1

url:https://support.apple.com/en-us/ht201222.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22637

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22636

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22613

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22621

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22600

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22632

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22614

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2869

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2058

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1174

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2057

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4883

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-44617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2058

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2868

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2867

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30698

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38561

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0256

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3787

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0256

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30699

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1798

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44717

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30293

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39278

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21713

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0542

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21713

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21703

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1962

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4238

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4238

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21703

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21702

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3962

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21702

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1048

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29581

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28893

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0561

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0908

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1355

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36558

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21499

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0909

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2078

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28390

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41912

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:9040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0168

Trust: 0.1

sources: VULHUB: VHN-411290 // VULMON: CVE-2022-22662 // PACKETSTORM: 166316 // PACKETSTORM: 171310 // PACKETSTORM: 170741 // PACKETSTORM: 169920 // PACKETSTORM: 169889 // PACKETSTORM: 170806 // PACKETSTORM: 170242 // CNNVD: CNNVD-202203-1238 // NVD: CVE-2022-22662

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 171310 // PACKETSTORM: 170741 // PACKETSTORM: 169920 // PACKETSTORM: 169889 // PACKETSTORM: 170806 // PACKETSTORM: 170242

SOURCES

db:VULHUBid:VHN-411290
db:VULMONid:CVE-2022-22662
db:PACKETSTORMid:166316
db:PACKETSTORMid:171310
db:PACKETSTORMid:170741
db:PACKETSTORMid:169920
db:PACKETSTORMid:169889
db:PACKETSTORMid:170806
db:PACKETSTORMid:170242
db:CNNVDid:CNNVD-202203-1238
db:NVDid:CVE-2022-22662

LAST UPDATE DATE

2025-02-20T19:58:30.489000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411290date:2022-09-04T00:00:00
db:VULMONid:CVE-2022-22662date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202203-1238date:2023-03-10T00:00:00
db:NVDid:CVE-2022-22662date:2024-11-21T06:47:13.653

SOURCES RELEASE DATE

db:VULHUBid:VHN-411290date:2022-05-26T00:00:00
db:VULMONid:CVE-2022-22662date:2022-05-26T00:00:00
db:PACKETSTORMid:166316date:2022-03-15T15:46:52
db:PACKETSTORMid:171310date:2023-03-09T15:14:10
db:PACKETSTORMid:170741date:2023-01-26T15:29:09
db:PACKETSTORMid:169920date:2022-11-17T13:23:05
db:PACKETSTORMid:169889date:2022-11-16T16:08:17
db:PACKETSTORMid:170806date:2023-01-31T17:11:04
db:PACKETSTORMid:170242date:2022-12-15T15:34:35
db:CNNVDid:CNNVD-202203-1238date:2022-03-14T00:00:00
db:NVDid:CVE-2022-22662date:2022-05-26T18:15:08.913