ID

VAR-202205-1319


CVE

CVE-2022-26710


TITLE

Freed memory usage vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022830

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. iPadOS , iOS , macOS Multiple Apple products contain a freed memory usage vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple tvOS is a smart TV operating system developed by Apple (Apple). WebKit is a fast, open source web browser engine. Apple tvOS 15.0 19J346 - 15.4.1 19L452 versions contain a resource management error vulnerability caused by a use-after-free error when handling HTML content in WebKit. A remote attacker could exploit this vulnerability to compromise a vulnerable system. Summary: OpenShift API for Data Protection (OADP) 1.1.2 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images Advisory ID: RHSA-2022:8964-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:8964 Issue date: 2022-12-13 CVE Names: CVE-2016-3709 CVE-2022-1304 CVE-2022-3782 CVE-2022-3916 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-37434 CVE-2022-42898 ==================================================================== 1. Summary: Updated rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Users of rh-sso-7/sso76-openshift-rhel8 container images and rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References). 3. Solution: The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. 4. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 5. JIRA issues fixed (https://issues.jboss.org/): CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8 CIAM-4413 - Generate new operator bundle image for this patch 6. References: https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-42898 https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5ipn9zjgjWX9erEAQjCiRAAi5ZA/JuXoVbFoEvce4VnkiwYj3R9YGSF xcRYfIxIULSq4rRxjOKZroVyzZUp4HCYHxiNVjSOfreCVCUOrdSEipedwuJIIqvx SbYkdr9H0nww4Sne6rCOJZxVtgGMwMFBCVvQqeqRQAJH6qLpkuHnIda1wt/9HKbV 6kgg4BeqmYVReLO4f0QEXaBl6xuUWTAh8hr4B2fiKJ19r5On05Ob+rXUnpfzqu2p tA204sSB4y5sL6cNxGHXzxDcazRdYyLJj6KkN+3ydLANjFruU5pq9nxZoqKRlT7p CDYGoEguuheLNyDkIXjVngHs7mtKCS6da2jqcJC3fh3N/+hhepeGXk642jyF8u1o RMr6M8HPNsVL4Vdg9d3CZtzfBkDFXSHKD5O6Mi6SkCTKWrY/K6UG1JQtcIpDOTzd PWKE1WkqvpyA3Ie8DRUI0ztEDdRhazPCd+03HYKEVWoD/a+Q5NqgCaBViSuLLxpU 9FIq9OPwaxE4wzEjfuyOBNY183f6eTbAA7RE4ynfitiQiXMUKAhO3jLkFUgsogkp y/N2xyYR/SjIKyRH8zkQXc6+FD5gDX+8exWYnqD+dd8ucmK/D49nwoprXca7X4fH 1cBIpjuFF1pXQTwnygAh7Nyd40bIjEOB81YjoiroOhoLzfsBfBywLfon14bElgu/ c6KgATBEAcE=oocq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 5. Bugs fixed (https://bugzilla.redhat.com/): 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip 6. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: August 31, 2022 Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990 ID: 202208-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Background ========= WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7 Description ========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7" References ========= [ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-39 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.34

sources: NVD: CVE-2022-26710 // JVNDB: JVNDB-2022-022830 // VULHUB: VHN-417379 // PACKETSTORM: 171310 // PACKETSTORM: 170210 // PACKETSTORM: 170759 // PACKETSTORM: 171144 // PACKETSTORM: 170162 // PACKETSTORM: 172460 // PACKETSTORM: 168226

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.4

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.5

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.6

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.5

Trust: 1.0

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:8.6

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022830 // NVD: CVE-2022-26710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26710
value: HIGH

Trust: 1.0

NVD: CVE-2022-26710
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2022-26710
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26710
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022830 // NVD: CVE-2022-26710

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-417379 // JVNDB: JVNDB-2022-022830 // NVD: CVE-2022-26710

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 168226

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-417379

PATCH

title:HT213257 Apple  Security updateurl:https://support.apple.com/en-us/HT213253

Trust: 0.8

sources: JVNDB: JVNDB-2022-022830

EXTERNAL IDS

db:NVDid:CVE-2022-26710

Trust: 3.4

db:JVNDBid:JVNDB-2022-022830

Trust: 0.8

db:PACKETSTORMid:170210

Trust: 0.2

db:PACKETSTORMid:168226

Trust: 0.2

db:PACKETSTORMid:170956

Trust: 0.1

db:PACKETSTORMid:171026

Trust: 0.1

db:PACKETSTORMid:169920

Trust: 0.1

db:PACKETSTORMid:167194

Trust: 0.1

db:PACKETSTORMid:167185

Trust: 0.1

db:PACKETSTORMid:167193

Trust: 0.1

db:PACKETSTORMid:169760

Trust: 0.1

db:PACKETSTORMid:167186

Trust: 0.1

db:PACKETSTORMid:169889

Trust: 0.1

db:PACKETSTORMid:170898

Trust: 0.1

db:CNNVDid:CNNVD-202205-3519

Trust: 0.1

db:VULHUBid:VHN-417379

Trust: 0.1

db:PACKETSTORMid:171310

Trust: 0.1

db:PACKETSTORMid:170759

Trust: 0.1

db:PACKETSTORMid:171144

Trust: 0.1

db:PACKETSTORMid:170162

Trust: 0.1

db:PACKETSTORMid:172460

Trust: 0.1

sources: VULHUB: VHN-417379 // JVNDB: JVNDB-2022-022830 // PACKETSTORM: 171310 // PACKETSTORM: 170210 // PACKETSTORM: 170759 // PACKETSTORM: 171144 // PACKETSTORM: 170162 // PACKETSTORM: 172460 // PACKETSTORM: 168226 // NVD: CVE-2022-26710

REFERENCES

url:https://support.apple.com/en-us/ht213253

Trust: 1.1

url:https://support.apple.com/en-us/ht213254

Trust: 1.1

url:https://support.apple.com/en-us/ht213257

Trust: 1.1

url:https://support.apple.com/en-us/ht213258

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.5

url:https://issues.jboss.org/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-25308

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25310

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25309

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2953

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2869

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2058

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2057

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2058

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2519

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2056

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2056

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2520

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2867

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2519

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2057

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1355

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0909

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0924

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0561

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0908

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0561

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0562

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42920

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0562

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0891

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37603

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-46285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1174

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4883

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-44617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2521

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25308

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3782

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27405

Trust: 0.1

url:https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8964

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0908

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0924

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1355

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46175

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3787

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28390

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36558

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8781

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2078

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0617

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1048

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29581

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1184

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21499

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23916

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0215

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27664

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22589

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22677

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30293

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2022-0008.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30294

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22590

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2022-0002.html

Trust: 0.1

url:https://security.gentoo.org/glsa/202208-39

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32792

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2022-0003.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32784

Trust: 0.1

url:https://webkitgtk.org/security/wsa-2022-0007.html

Trust: 0.1

sources: VULHUB: VHN-417379 // JVNDB: JVNDB-2022-022830 // PACKETSTORM: 171310 // PACKETSTORM: 170210 // PACKETSTORM: 170759 // PACKETSTORM: 171144 // PACKETSTORM: 170162 // PACKETSTORM: 172460 // PACKETSTORM: 168226 // NVD: CVE-2022-26710

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 171310 // PACKETSTORM: 170210 // PACKETSTORM: 170759 // PACKETSTORM: 171144 // PACKETSTORM: 170162 // PACKETSTORM: 172460

SOURCES

db:VULHUBid:VHN-417379
db:JVNDBid:JVNDB-2022-022830
db:PACKETSTORMid:171310
db:PACKETSTORMid:170210
db:PACKETSTORMid:170759
db:PACKETSTORMid:171144
db:PACKETSTORMid:170162
db:PACKETSTORMid:172460
db:PACKETSTORMid:168226
db:NVDid:CVE-2022-26710

LAST UPDATE DATE

2025-04-23T22:12:56.755000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-417379date:2022-11-03T00:00:00
db:JVNDBid:JVNDB-2022-022830date:2023-11-21T01:50:00
db:NVDid:CVE-2022-26710date:2022-11-03T13:48:21.390

SOURCES RELEASE DATE

db:VULHUBid:VHN-417379date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022830date:2023-11-21T00:00:00
db:PACKETSTORMid:171310date:2023-03-09T15:14:10
db:PACKETSTORMid:170210date:2022-12-13T17:16:20
db:PACKETSTORMid:170759date:2023-01-27T15:03:38
db:PACKETSTORMid:171144date:2023-02-28T16:03:55
db:PACKETSTORMid:170162date:2022-12-08T16:34:22
db:PACKETSTORMid:172460date:2023-05-19T14:41:19
db:PACKETSTORMid:168226date:2022-09-01T16:33:44
db:NVDid:CVE-2022-26710date:2022-11-01T20:15:17.393