ID

VAR-202205-0881


CVE

CVE-2022-1629


TITLE

vim/vim  Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010778

DESCRIPTION

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint 2042652 - Unable to deploy hw-event-proxy operator 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2047308 - Remove metrics and events for master port offsets 2055049 - No pre-caching for NFD images 2055436 - nfd-master tracking the wrong api group 2055439 - nfd-master tracking the wrong api group (operand) 2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules 2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag 2062849 - hw event proxy is not binding on ipv6 local address 2066860 - Wrong spec in NFD documentation under `operand` 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2067312 - PPT event source is lost when received by the consumer 2077243 - NFD os release label lost after upgrade to ocp 4.10.6 2087511 - NFD SkipRange is wrong causing OLM install problems 2089962 - Node feature Discovery operator installation failed. 2090774 - Add Readme to plugin directory 2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security update: * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) Bug fixes: * Can't install submariner add-ons from UI on unsupported cloud provider (BZ# 2087686) * policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub (BZ# 2088270) * RHACM 2.5.1 images (BZ# 2090802) * Broken link to Submariner manual install instructions (BZ# 2095333) * `The backend service is unavailable` when accessing ACM 2.5 Overview page (BZ# 2096389) * 64 character length causing clusters to unsubscribe (BZ# 2101453) 3. Bugs fixed (https://bugzilla.redhat.com/): 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2087686 - Can't install submariner add-ons from UI on unsupported cloud provider 2088270 - policy controller addons are Progressing status (unhealthy from backend) on OCP3.11 in ARM hub 2090802 - RHACM 2.5.1 images 2095333 - Broken link to Submariner manual install instructions 2096389 - `The backend service is unavailable` when accessing ACM 2.5 Overview page 2101453 - 64 character length causing clusters to unsubscribe 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ACS 3.71 enhancement and security update Advisory ID: RHSA-2022:5704-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2022:5704 Issue date: 2022-07-25 CVE Names: CVE-2021-40528 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-29173 CVE-2022-29824 ==================================================================== 1. Summary: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Release of ACS 3.71 provides these changes: Security Fix(es): * go-tuf: No protection against rollback attacks for roles other than root (CVE-2022-29173) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. New Features: * New RHACS dashboard and widgets * New default policy for privilege escalation: detects if a deployment is running with a container that has allowPrivilegeEscalation set to true. This policy is enabled by default. The privilege escalation setting is enabled in Kubernetes pods by default. * New default policy for externally exposed service: detects if a deployment has any service that is externally exposed through any methods. The policy is disabled by default. * Ability to assign multiple RHACS roles to users and groups: Allows you to assign multiple roles using key-value pairs to a single user or group. * List of network policies in Deployment tab for violations: A new information section has been added to help resolve a "missing Kubernetes network policy" violation that lists all the Kubernetes network policies applicable to the namespace of the offending deployment. * Alpine 3.16 support for Scanner Enhancements: * Change to roxctl image scan behavior: The default value for the - --include-snoozed option of the roxctl image scan command is set to false. If the --include-snoozed option is set to false, the scan does not include snoozed CVEs. * Diagnostic bundles update: These now include notifiers, auth providers and auth provider groups, access control roles with attached permission set and access scope, and system configuration information. Users with the DebugLogs permission can read listed entities from a generated diagnostic bundle regardless of their respective permissions. * Align OCP4-CIS scanning benchmarks control numbers: The CIS control number has been added to compliance scan results to enable customers to reference the original control from the CIS benchmark standard. Notable technical changes: * eBPF is now the default collection method: Updated the default collection method for Collector to eBPF. Deprecated features: * RenamePolicyCategory and DeletePolicyCategory API endpoints * Permissions: AuthPlugin, AuthProvider, Group, Licenses, Role, User, Indicator, NetworkBaseline, ProcessWhitelist, Risk, APIToken, BackupPlugins, ImageIntegration, Notifier, SignatureIntegration, ImageComponent * Retrieving groups by property * vulns fields of storage.Node object in response payload of v1/nodes * /v1/cves/suppress and /v1/cves/unsuppress Removed features: * Anchore, Tenable, and Docker Trusted Registry integrations * External authorization plug-in for scoped access control * FROM option in the Disallowed Dockerfile line policy field * PodSecurityPolicy (PSP) Kubernetes objects 3. Solution: To take advantage of the new features, bug fixes, and enhancements in RHACS 3.71 you are advised to upgrade to RHACS 3.71.0. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2082400 - CVE-2022-29173 go-tuf: No protection against rollback attacks for roles other than root 5. JIRA issues fixed (https://issues.jboss.org/): ROX-11898 - Release RHACS 3.71.0 6. References: https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29173 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFju9zjgjWX9erEAQiWQw/+OGMhyOtp3q6Ypqpl1hEi3YCkXQOsdzmR V/2ULky7w4rO8xA9u8hZjDtrsxhHmY3PSYv2fRxLAX87d0FJEoUOGJ7JEQT+L+VF 08Zqzz+CRUVBubN27UKdMb8nAZ0S083XleTGd0u/gLTvdejRsfsNvfs+rlOSxv1c mlChC8HXlVg5UH6OAEspZ2P02AZdCgHCnlO5qHQT7BGeFPko4KMXAFf9Hddawffc F9nEC2jDlQ+KXFPTFWIcXnrCE89kQa32QFnks7Tt1RAgG+y2+xJj46LBU/nFeOpJ iu7eLDeKPn4WkmDsLaKIYDtpxXydJhRodnPukQHp4Jxik9HwEwl4L5F4p7bznM6P 6KsihRVrRxfhmHmjm7k43m9u9rNpeey6nrjAKEsZT5wOuNfpgtVAkBrN1fJ4X+tD wEbCeeEXZX1LL2kd8DsUD5Qw4Zs+uaqMqKtuqm9neiEpVOS9/Ktc6hTtt+Cw5l8u XS6NMQZeVl+bTkN6kVzVjSRl2hA5/VWL2Jd9cLjxp3jiIBLpiYZ1Usg8dt0FLgFe 3mQvD7GUMl7nrE4BEF/pwk1tRcEtzZfta5PpqyW2lYX6KXXgwibDND7xv7QXV8GP 2RdFbZC8K+XGCSf/RiD77cH/Uojpto9NnGfnhO3rMeVGnTbUQx57+QEqJLWHfLVQ +tIPRnmepo8=I5j4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #851231, #861092, #869359, #879257, #883681, #889730 ID: 202305-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.1157 >= 9.0.1157 2 app-editors/vim < 9.0.1157 >= 9.0.1157 3 app-editors/vim-core < 9.0.1157 >= 9.0.1157 Description =========== Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.1157" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.1157" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.1157" References ========== [ 1 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 2 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 3 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 4 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 5 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 6 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 7 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 8 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 9 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 10 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 11 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 12 ] CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 [ 13 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 14 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 15 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 16 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 17 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 18 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 19 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 20 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 21 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 22 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 23 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 24 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 25 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 26 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 27 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 28 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 29 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 30 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 31 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 32 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 33 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 34 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 35 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 36 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 37 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 38 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 39 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 40 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 41 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 42 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 43 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 44 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 45 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 46 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 47 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 48 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 49 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 50 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 51 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 [ 52 ] CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 [ 53 ] CVE-2022-2816 https://nvd.nist.gov/vuln/detail/CVE-2022-2816 [ 54 ] CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 [ 55 ] CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 [ 56 ] CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 [ 57 ] CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 [ 58 ] CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 [ 59 ] CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 [ 60 ] CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 [ 61 ] CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 [ 62 ] CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 [ 63 ] CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 [ 64 ] CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 [ 65 ] CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 [ 66 ] CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 [ 67 ] CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 [ 68 ] CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 [ 69 ] CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 [ 70 ] CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 [ 71 ] CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 [ 72 ] CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 [ 73 ] CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 [ 74 ] CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 [ 75 ] CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 [ 76 ] CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 [ 77 ] CVE-2022-3491 https://nvd.nist.gov/vuln/detail/CVE-2022-3491 [ 78 ] CVE-2022-3520 https://nvd.nist.gov/vuln/detail/CVE-2022-3520 [ 79 ] CVE-2022-3591 https://nvd.nist.gov/vuln/detail/CVE-2022-3591 [ 80 ] CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 [ 81 ] CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 [ 82 ] CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 [ 83 ] CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 [ 84 ] CVE-2022-47024 https://nvd.nist.gov/vuln/detail/CVE-2022-47024 [ 85 ] CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 [ 86 ] CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 [ 87 ] CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Release osp-director-operator images Security Fix(es): * go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321) * go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322) * go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323) * go-getter: command injection vulnerability [Important] (CVE-2022-26945) * golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565) * containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103) 3. Solution: OSP 16.2 Release - OSP Director Operator Containers tech preview 4. Bugs fixed (https://bugzilla.redhat.com/): 2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 5. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2536 - Setting up ODF S3 for loki LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator LOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image ` LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http' LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards. LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image 6. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Bugs fixed (https://bugzilla.redhat.com/): 2083924 - CVE-2022-1621 vim: heap buffer overflow 2083931 - CVE-2022-1629 vim: buffer over-read 6. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7

Trust: 2.43

sources: NVD: CVE-2022-1629 // JVNDB: JVNDB-2022-010778 // VULHUB: VHN-419742 // VULMON: CVE-2022-1629 // PACKETSTORM: 168036 // PACKETSTORM: 167853 // PACKETSTORM: 167838 // PACKETSTORM: 172122 // PACKETSTORM: 167778 // PACKETSTORM: 167845 // PACKETSTORM: 167644

AFFECTED PRODUCTS

vendor:vimmodel:vimscope:ltversion:8.2.4925

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:vimmodel:vimscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010778 // NVD: CVE-2022-1629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-1629
value: HIGH

Trust: 1.0

security@huntr.dev: CVE-2022-1629
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-1629
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-2825
value: HIGH

Trust: 0.6

VULHUB: VHN-419742
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-1629
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-1629
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-419742
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-1629
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2022-1629
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.0

Trust: 1.0

NVD: CVE-2022-1629
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-419742 // VULMON: CVE-2022-1629 // JVNDB: JVNDB-2022-010778 // CNNVD: CNNVD-202205-2825 // NVD: CVE-2022-1629 // NVD: CVE-2022-1629

PROBLEMTYPE DATA

problemtype:CWE-126

Trust: 1.1

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-419742 // JVNDB: JVNDB-2022-010778 // NVD: CVE-2022-1629

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2825

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2825

PATCH

title:trailing backslash may cause reading past end of line Apple Apple Security Updatesurl:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

Trust: 0.8

title:Vim Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=193121

Trust: 0.6

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225319 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Vim (CVE-2022-1629)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=75dc112b2a9ad39a0596e95fdf36f8db

Trust: 0.1

title:IBM: Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-1629url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2b1376ae460945586f54fa928ce7a610

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-1629

Trust: 0.1

title:Red Hat: Moderate: ACS 3.71 enhancement and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225704 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225909 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225556 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225908 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Release of containers for OSP 16.2.z director operator tech previewurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225673 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225531 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225840 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225070 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226526 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1628url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1628

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1829url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1829

Trust: 0.1

sources: VULMON: CVE-2022-1629 // JVNDB: JVNDB-2022-010778 // CNNVD: CNNVD-202205-2825

EXTERNAL IDS

db:NVDid:CVE-2022-1629

Trust: 4.1

db:PACKETSTORMid:167853

Trust: 0.8

db:PACKETSTORMid:167778

Trust: 0.8

db:JVNDBid:JVNDB-2022-010778

Trust: 0.8

db:PACKETSTORMid:167985

Trust: 0.7

db:PACKETSTORMid:167666

Trust: 0.7

db:CS-HELPid:SB2022071342

Trust: 0.6

db:CS-HELPid:SB2022072631

Trust: 0.6

db:CS-HELPid:SB2022052017

Trust: 0.6

db:CS-HELPid:SB2022070109

Trust: 0.6

db:CS-HELPid:SB2022070642

Trust: 0.6

db:CS-HELPid:SB2022063027

Trust: 0.6

db:CS-HELPid:SB2022072127

Trust: 0.6

db:CS-HELPid:SB2022072010

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:AUSCERTid:ESB-2022.4601

Trust: 0.6

db:AUSCERTid:ESB-2022.3226

Trust: 0.6

db:AUSCERTid:ESB-2022.3821

Trust: 0.6

db:AUSCERTid:ESB-2022.3977

Trust: 0.6

db:AUSCERTid:ESB-2022.3554

Trust: 0.6

db:AUSCERTid:ESB-2022.3873

Trust: 0.6

db:AUSCERTid:ESB-2022.3644

Trust: 0.6

db:CNNVDid:CNNVD-202205-2825

Trust: 0.6

db:PACKETSTORMid:167838

Trust: 0.2

db:PACKETSTORMid:167644

Trust: 0.2

db:PACKETSTORMid:167845

Trust: 0.2

db:PACKETSTORMid:167984

Trust: 0.1

db:VULHUBid:VHN-419742

Trust: 0.1

db:VULMONid:CVE-2022-1629

Trust: 0.1

db:PACKETSTORMid:168036

Trust: 0.1

db:PACKETSTORMid:172122

Trust: 0.1

sources: VULHUB: VHN-419742 // VULMON: CVE-2022-1629 // JVNDB: JVNDB-2022-010778 // PACKETSTORM: 168036 // PACKETSTORM: 167853 // PACKETSTORM: 167838 // PACKETSTORM: 172122 // PACKETSTORM: 167778 // PACKETSTORM: 167845 // PACKETSTORM: 167644 // CNNVD: CNNVD-202205-2825 // NVD: CVE-2022-1629

REFERENCES

url:https://support.apple.com/kb/ht213488

Trust: 1.8

url:https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.8

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.8

url:https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd

Trust: 1.8

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.7

url:https://security.gentoo.org/glsa/202305-16

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-1629

Trust: 1.4

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-1629

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-1621

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-1621

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072631

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3977

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072127

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070642

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720108

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071342

Trust: 0.6

url:https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022063027

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070109

Trust: 0.6

url:https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-find-next-quote-38391

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3554

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3873

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022052017

Trust: 0.6

url:https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-1629/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3226

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3644

Trust: 0.6

url:https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3821

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4601

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:5319

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-38561

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27666

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27666

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/126.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-in-vim-cve-2022-1629/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28327

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24921

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29162

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1706

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18874

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28493

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1729

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28493

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3695

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3696

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3697

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3697

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28737

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5704

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2210

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2816

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3256

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2285

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3296

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1735

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2889

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2183

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0051

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2982

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4293

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3099

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2208

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2124

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3278

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-47024

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0054

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1381

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1616

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4141

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0049

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2980

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2344

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2257

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3134

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3297

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3352

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2125

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3234

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41103

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4991

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3634

Trust: 0.1

url:https://access.redhat.com/containers

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30323

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41103

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26691

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26691

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-419742 // VULMON: CVE-2022-1629 // JVNDB: JVNDB-2022-010778 // PACKETSTORM: 168036 // PACKETSTORM: 167853 // PACKETSTORM: 167838 // PACKETSTORM: 172122 // PACKETSTORM: 167778 // PACKETSTORM: 167845 // PACKETSTORM: 167644 // CNNVD: CNNVD-202205-2825 // NVD: CVE-2022-1629

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 168036 // PACKETSTORM: 167853 // PACKETSTORM: 167838 // PACKETSTORM: 167778 // PACKETSTORM: 167845 // PACKETSTORM: 167644

SOURCES

db:VULHUBid:VHN-419742
db:VULMONid:CVE-2022-1629
db:JVNDBid:JVNDB-2022-010778
db:PACKETSTORMid:168036
db:PACKETSTORMid:167853
db:PACKETSTORMid:167838
db:PACKETSTORMid:172122
db:PACKETSTORMid:167778
db:PACKETSTORMid:167845
db:PACKETSTORMid:167644
db:CNNVDid:CNNVD-202205-2825
db:NVDid:CVE-2022-1629

LAST UPDATE DATE

2024-11-23T20:39:31.223000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-419742date:2022-10-31T00:00:00
db:VULMONid:CVE-2022-1629date:2022-10-31T00:00:00
db:JVNDBid:JVNDB-2022-010778date:2023-08-17T04:19:00
db:CNNVDid:CNNVD-202205-2825date:2023-05-04T00:00:00
db:NVDid:CVE-2022-1629date:2024-11-21T06:41:07.860

SOURCES RELEASE DATE

db:VULHUBid:VHN-419742date:2022-05-10T00:00:00
db:VULMONid:CVE-2022-1629date:2022-05-10T00:00:00
db:JVNDBid:JVNDB-2022-010778date:2023-08-17T00:00:00
db:PACKETSTORMid:168036date:2022-08-10T15:54:58
db:PACKETSTORMid:167853date:2022-07-27T17:32:40
db:PACKETSTORMid:167838date:2022-07-27T17:26:20
db:PACKETSTORMid:172122date:2023-05-03T15:29:00
db:PACKETSTORMid:167778date:2022-07-21T20:26:52
db:PACKETSTORMid:167845date:2022-07-27T17:28:30
db:PACKETSTORMid:167644date:2022-07-01T14:56:38
db:CNNVDid:CNNVD-202205-2825date:2022-05-10T00:00:00
db:NVDid:CVE-2022-1629date:2022-05-10T14:15:08.530