ID

VAR-202205-1990


CVE

CVE-2022-1927


TITLE

Red Hat Security Advisory 2022-7055-01

Trust: 0.1

sources: PACKETSTORM: 169435

DESCRIPTION

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Vim is a cross-platform text editor. Vim versions prior to 8.2 have a security vulnerability caused by buffer overreading. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs fixed (https://bugzilla.redhat.com/): 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update Advisory ID: RHSA-2022:6103-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:6103 Issue date: 2022-08-23 CVE Names: CVE-2022-1012 CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-30629 CVE-2022-30631 CVE-2022-32250 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:6102 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-x86_64 The image digest is sha256:97410a5db655a9d3017b735c2c0747c849d09ff551765e49d5272b80c024a844 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-s390x The image digest is sha256:13734de7e796e46f5403ef9ee918be88c12fdc9b73acb8777e0cc7c56a276794 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-ppc64le The image digest is sha256:d0019b6b8b32cc9fea06562e6ce175086fa7de7b2b7dce171a8ac1a57f92f10b (For aarch64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.1-aarch64 The image digest is sha256:3394a79e173ac17bc96a7256665701d3d7e2a95535a12f2ceb19ceb41dcd6b79 All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2033256 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.vpc.aws_route_table.private_routes resource 2040715 - post 1.23 rebase: regression in service-load balancer reliability 2063622 - Failed to install the podman package from repo rhocp-4.10-for-rhel-8-x86_64-rpms 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2102576 - [4.11] [Cluster storage Operator] DefaultStorageClassController report fake message "No default StorageClass for this platform" on azure and openstack 2103638 - No need to pass to-image-base for `oc adm release new` command when use --from-release 2103899 - [OVN] bonding fails after active-backup fail-over and reboot, kargs static IP 2104386 - OVS-Configure doesn't iterate connection names containing spaces correctly 2104435 - [dpu-network-operator] Updating images to be consistent with ART 2104510 - Update ose-machine-config-operator images to be consistent with ART 2104687 - MCP upgrades can stall waiting for master node reboots since MCC no longer gets drained 2105056 - Openshift-Ansible RHEL 8 CI update 2105444 - [OVN] Node to service traffic is blocked if service is "internalTrafficPolicy: Local" even backed pod is on the same node 2106772 - openshift4/ose-operator-registry image is vulnerable to multiple CVEs 2106795 - crio umask sometimes set to 0000 2107003 - The bash completion doesn't work for get subcommand 2107045 - OLM updates namespace labels even if they haven't changed 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107777 - Pipeline status filter and status colors doesn't work correctly with non-english languages 2107871 - Import: Advanced option sentence is splited into two parts and headlines has no padding 2108021 - Machine Controller stuck with Terminated Instances while Provisioning on AWS 2109052 - Add to application dropdown options are not visible on application-grouping sidebar action dropdown. 2109205 - HTTPS_PROXY ENV missing in some CSI driver operators 2109270 - Kube controllers crash when nodes are shut off in OpenStack 2109489 - Reply to arp requests on interfaces with no ip 2109709 - Namespace value is missing on the list when selecting "All namespaces" for operators 2109731 - alertmanager-main pods failing to start due to startupprobe timeout 2109866 - Cannot delete a Machine if a VM got stuck in ERROR 2109977 - storageclass should not be created for unsupported vsphere version 2110482 - [vsphere] failed to create cluster if datacenter is embedded in a Folder 2110723 - openshift-tests: allow -f to match tests for any test suite 2110737 - Master node in SchedulingDisabled after upgrade from 4.10.24 -> 4.11.0-rc.4 2111037 - Affinity rule created in console deployment for single-replica infrastructure 2111347 - dummy bug for 4.10.z bz2111335 2111471 - Node internal DNS address is not set for machine 2111475 - Fetch internal IPs of vms from dhcp server 2111587 - [4.11] Export OVS metrics 2111619 - Pods are unable to reach clusterIP services, ovn-controller isn't installing the group mod flows correctly 2111992 - OpenShift controller manager needs permissions to get/create/update leases for leader election 2112297 - bond-cni: Backport "mac duplicates" 4.11 2112353 - lifecycle.posStart hook does not have network connectivity. 2112908 - Search resource "virtualmachine" in "Home -> Search" crashes the console 2112912 - sum_irate doesn't work in OCP 4.8 2113926 - hypershift cluster deployment hang due to nil pointer dereference for hostedControlPlane.Spec.Etcd.Managed 2113938 - Fix e2e tests for [reboots][machine_config_labels] (tsc=nowatchdog) 2114574 - can not upgrade. Incorrect reading of olm.maxOpenShiftVersion 2114602 - Upgrade failing because restrictive scc is injected into version pod 2114964 - kola dhcp.propagation test failing 2115315 - README file for helm charts coded in Chinese shows messy characters when viewing in developer perspective. 2115435 - [4.11] INIT container stuck forever 2115564 - ClusterVersion availableUpdates is stale: PromQL conditional risks vs. slow/stuck Thanos 2115817 - Updates / config metrics are not available in 4.11 2116009 - Node Tuning Operator(NTO) - OCP upgrade failed due to node-tuning CO still progressing 2116557 - Order of config attributes are not maintained during conversion of PT4l from ptpconfig to ptp4l.0.config file 2117223 - kubernetes-nmstate-operator fails to install with error "no channel heads (entries not replaced by another entry) found in channel" 2117324 - catalog-operator fatal error: concurrent map writes 2117353 - kola dhcp.propagation test out of memory 2117370 - Migrate openshift-ansible to ansible-core 2117746 - Bump to latest k8s.io 1.24 release 2118214 - dummy bug for 4.10.z bz2118209 2118375 - pass the "--quiet" option via the buildconfig for s2i 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-1 - Test Bug 6. References: https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYwUXddzjgjWX9erEAQhaVQ/+LoSAe5mCgjPe0+gupmu0jxSmErna51Gz LBlcOWhmgSi2LDYiLl0x5fIg1rQuFX87rSqo0397m7k4Wcon7ztOeDBAtc120fbP i3N+2C+t2wrRPkObvGYKwiCj15+CZP/pIoTQqBlwzqcMAOBLPkXmyXgPaGiA12W7 MoZlSyeEfyx2r636op+e9GC6ysmP2Jq7v+IU2H5/fK7fwPb2lnEIqZV/VXQB4+n7 U7x4Rlng+iLwqalJjCgWY8VLHBQPbIkAQoWS1rMj4f/VEzdbJf7tXNwJOBlPaaJ0 qn8aVZt0b0DMnW0NERm08jg6SYIx8jwMjC/E9Y+JkLdI4nO7f22TOEXgocKHpSMi jm6yLG6Klvjio8rT0+tYB9QBgo8owR5QxhTH3+ffcdlNqDWk33wt8da2n0vCKY4w iC1p3bTxCFdxkPz8FkF/p+nVrI5ZGTNd94Q29YiK+BtlGVAVGGqk208YVcQ85RH2 8YQminXLeLt/RA4cKm/4eq5PlGW7lXAsKVM4UxiYZdqWe/WFuW5zoaF1IdcbNL1p dZaaS1Dy9KvEzF6LPeVFcBg7ouGkdWtBwWQcEGV4bzPjbik8HkiIOkd4J1uT6KHs di3yYWJc3Q1mHuXV7byNUhaQQtpkiB/jDAUiQ0ggOfTawBbwleBMgxwUt38sMtpV 6FmWxlUydm8=6nTC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. Bugs fixed (https://bugzilla.redhat.com/): 2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses 6. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security fixes: * moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129) * vm2: Sandbox Escape in vm2 (CVE-2022-36067) Bug fixes: * Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547) * OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254) * subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659) * Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883) * Submariner addon status doesn't track all deployment failures (BZ# 2090311) * Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170) * After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481) * Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036) * Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577) * Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273) * managed cluster is in "unknown" state for 120 mins after OADP restore * RHACM 2.5.2 images (BZ# 2104553) * Subscription UI does not allow binding to label with empty value (BZ# 2104961) * Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069) * Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134) * cluster uninstall log points to incorrect container name (BZ# 2107359) * ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885) * Single node checkbox not visible for 4.11 images (BZ# 2109134) * Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544) * Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026) * After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728) * pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292) * ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707) 3. Bugs fixed (https://bugzilla.redhat.com/): 2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2 5. Summary: The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. Description: Logging Subsystem 5.5.5 - Red Hat OpenShift Security Fixe(s): * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879, CVE-2022-2880, CVE-2022-41715) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * loader-utils: Regular expression denial of service (CVE-2022-37603) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config 6

Trust: 1.71

sources: NVD: CVE-2022-1927 // VULHUB: VHN-423615 // VULMON: CVE-2022-1927 // PACKETSTORM: 169435 // PACKETSTORM: 168213 // PACKETSTORM: 168139 // PACKETSTORM: 173605 // PACKETSTORM: 168378 // PACKETSTORM: 168352 // PACKETSTORM: 170162

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:vimmodel:vimscope:ltversion:8.2.5037

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

sources: NVD: CVE-2022-1927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-1927
value: HIGH

Trust: 1.0

security@huntr.dev: CVE-2022-1927
value: HIGH

Trust: 1.0

VULHUB: VHN-423615
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-1927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-1927
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-423615
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-1927
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security@huntr.dev: CVE-2022-1927
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-423615 // VULMON: CVE-2022-1927 // NVD: CVE-2022-1927 // NVD: CVE-2022-1927

PROBLEMTYPE DATA

problemtype:CWE-126

Trust: 1.1

problemtype:CWE-125

Trust: 1.0

sources: VULHUB: VHN-423615 // NVD: CVE-2022-1927

TYPE

code execution

Trust: 0.2

sources: PACKETSTORM: 173605 // PACKETSTORM: 168352

PATCH

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225942 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: vim security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225813 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Self Node Remediation Operator 0.4.1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226184 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226103 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226182 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226051 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226283 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226183 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226507 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227055 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227058 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226024 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: RHACS 3.72 enhancement and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226714 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226370 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226271 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226696 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226156 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.45 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20234053 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228750 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226429 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenShift Virtualization 4.12.0 Images security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230408 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1628url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1628

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228889 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20228781 - Security Advisory

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-116url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-116

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1829url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1829

Trust: 0.1

sources: VULMON: CVE-2022-1927

EXTERNAL IDS

db:NVDid:CVE-2022-1927

Trust: 1.9

db:PACKETSTORMid:168378

Trust: 0.2

db:PACKETSTORMid:168139

Trust: 0.2

db:PACKETSTORMid:169435

Trust: 0.2

db:PACKETSTORMid:168213

Trust: 0.2

db:PACKETSTORMid:168516

Trust: 0.1

db:PACKETSTORMid:168150

Trust: 0.1

db:PACKETSTORMid:167944

Trust: 0.1

db:PACKETSTORMid:168538

Trust: 0.1

db:PACKETSTORMid:168182

Trust: 0.1

db:PACKETSTORMid:168112

Trust: 0.1

db:PACKETSTORMid:168289

Trust: 0.1

db:PACKETSTORMid:168287

Trust: 0.1

db:PACKETSTORMid:168222

Trust: 0.1

db:PACKETSTORMid:168284

Trust: 0.1

db:PACKETSTORMid:168013

Trust: 0.1

db:PACKETSTORMid:169443

Trust: 0.1

db:PACKETSTORMid:168022

Trust: 0.1

db:CNNVDid:CNNVD-202205-4253

Trust: 0.1

db:VULHUBid:VHN-423615

Trust: 0.1

db:VULMONid:CVE-2022-1927

Trust: 0.1

db:PACKETSTORMid:173605

Trust: 0.1

db:PACKETSTORMid:168352

Trust: 0.1

db:PACKETSTORMid:170162

Trust: 0.1

sources: VULHUB: VHN-423615 // VULMON: CVE-2022-1927 // PACKETSTORM: 169435 // PACKETSTORM: 168213 // PACKETSTORM: 168139 // PACKETSTORM: 173605 // PACKETSTORM: 168378 // PACKETSTORM: 168352 // PACKETSTORM: 170162 // NVD: CVE-2022-1927

REFERENCES

url:https://support.apple.com/kb/ht213488

Trust: 1.2

url:https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777

Trust: 1.2

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 1.2

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 1.2

url:https://security.gentoo.org/glsa/202208-32

Trust: 1.2

url:https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010

Trust: 1.2

url:https://security.gentoo.org/glsa/202305-16

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/

Trust: 1.1

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-32250

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1012

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-1012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.3

url:https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-31129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1650

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-32250

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/126.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5942

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2022-1628.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7055

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0536

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1729

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21123

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21125

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1966

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1966

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3177

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6271

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30629

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6102

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0215

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1281

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.1

url:https://registry.centos.org/v2/":

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36084

Trust: 0.1

url:https://issues.redhat.com/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-32233

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-24329

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2023:4052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3580

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6507

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2526

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20095

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0686

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6429

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28493

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28390

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36558

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0168

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20368

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2586

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8781

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0168

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0854

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21618

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2078

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0891

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0617

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0562

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1055

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1355

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1048

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23960

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0908

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29581

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21499

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37603

Trust: 0.1

sources: VULHUB: VHN-423615 // VULMON: CVE-2022-1927 // PACKETSTORM: 169435 // PACKETSTORM: 168213 // PACKETSTORM: 168139 // PACKETSTORM: 173605 // PACKETSTORM: 168378 // PACKETSTORM: 168352 // PACKETSTORM: 170162 // NVD: CVE-2022-1927

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 169435 // PACKETSTORM: 168213 // PACKETSTORM: 168139 // PACKETSTORM: 173605 // PACKETSTORM: 168378 // PACKETSTORM: 168352 // PACKETSTORM: 170162

SOURCES

db:VULHUBid:VHN-423615
db:VULMONid:CVE-2022-1927
db:PACKETSTORMid:169435
db:PACKETSTORMid:168213
db:PACKETSTORMid:168139
db:PACKETSTORMid:173605
db:PACKETSTORMid:168378
db:PACKETSTORMid:168352
db:PACKETSTORMid:170162
db:NVDid:CVE-2022-1927

LAST UPDATE DATE

2024-11-20T21:50:30.410000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-423615date:2022-10-31T00:00:00
db:VULMONid:CVE-2022-1927date:2023-11-07T00:00:00
db:NVDid:CVE-2022-1927date:2023-11-07T03:42:18.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-423615date:2022-05-29T00:00:00
db:VULMONid:CVE-2022-1927date:2022-05-29T00:00:00
db:PACKETSTORMid:169435date:2022-10-20T14:19:18
db:PACKETSTORMid:168213date:2022-09-01T16:30:25
db:PACKETSTORMid:168139date:2022-08-24T13:06:10
db:PACKETSTORMid:173605date:2023-07-19T15:37:11
db:PACKETSTORMid:168378date:2022-09-14T15:08:07
db:PACKETSTORMid:168352date:2022-09-13T15:42:14
db:PACKETSTORMid:170162date:2022-12-08T16:34:22
db:NVDid:CVE-2022-1927date:2022-05-29T14:15:08.047