ID

VAR-202208-2263


CVE

CVE-2022-35252


TITLE

Haxx  of  cURL  Vulnerabilities in Products from Other Vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-018757

DESCRIPTION

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Haxx of cURL Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. A security vulnerability exists in curl versions 4.9 through 7.84. ========================================================================== Ubuntu Security Notice USN-5587-1 September 01, 2022 curl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: curl could be denied access to a HTTP(S) content if it recieved a specially crafted cookie. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.4 libcurl3-gnutls 7.81.0-1ubuntu1.4 libcurl3-nss 7.81.0-1ubuntu1.4 libcurl4 7.81.0-1ubuntu1.4 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.13 libcurl3-gnutls 7.68.0-1ubuntu2.13 libcurl3-nss 7.68.0-1ubuntu2.13 libcurl4 7.68.0-1ubuntu2.13 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.20 libcurl3-gnutls 7.58.0-2ubuntu3.20 libcurl3-nss 7.58.0-2ubuntu3.20 libcurl4 7.58.0-2ubuntu3.20 Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm5 libcurl3 7.47.0-1ubuntu2.19+esm5 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm5 libcurl3-nss 7.47.0-1ubuntu2.19+esm5 Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm12 libcurl3 7.35.0-1ubuntu2.20+esm12 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm12 libcurl3-nss 7.35.0-1ubuntu2.20+esm12 In general, a standard system update will make all the necessary changes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/ Security Fix(es): * CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation 3. Solution: For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online 4. Bugs fixed (https://bugzilla.redhat.com/): 2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: curl security update Advisory ID: RHSA-2023:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2478 Issue date: 2023-05-09 CVE Names: CVE-2022-35252 CVE-2022-43552 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Incorrect handling of control code characters in cookies (CVE-2022-35252) * curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-devel-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm ppc64le: curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-devel-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm s390x: curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-devel-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm x86_64: curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-devel-7.76.1-23.el9.i686.rpm libcurl-devel-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: curl-7.76.1-23.el9.src.rpm aarch64: curl-7.76.1-23.el9.aarch64.rpm curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-minimal-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm ppc64le: curl-7.76.1-23.el9.ppc64le.rpm curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm s390x: curl-7.76.1-23.el9.s390x.rpm curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-minimal-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm x86_64: curl-7.76.1-23.el9.x86_64.rpm curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-7.76.1-23.el9.i686.rpm libcurl-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-minimal-7.76.1-23.el9.i686.rpm libcurl-minimal-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx nN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB oxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su xFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh L1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy C6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL mGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB 27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT D75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17 r2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ /iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88 Yxf4bV/uBmU=HlZ2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data. For more information about VolSync, see: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync or the VolSync open source community website at: https://volsync.readthedocs.io/en/stable/. Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode 3. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN 6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Background ========= A command line tool and library for transferring data with URLs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.86.0 >= 7.86.0 Description ========== Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All curl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0" References ========= [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202212-01 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3 macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260 curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252 dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com) DriverKit Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg) PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t) Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog) Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t) Additional recognition Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance. macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment

Trust: 2.79

sources: NVD: CVE-2022-35252 // JVNDB: JVNDB-2022-018757 // VULHUB: VHN-428403 // VULMON: CVE-2022-35252 // PACKETSTORM: 168239 // PACKETSTORM: 172378 // PACKETSTORM: 172587 // PACKETSTORM: 172195 // PACKETSTORM: 174080 // PACKETSTORM: 170166 // PACKETSTORM: 170165 // PACKETSTORM: 170303 // PACKETSTORM: 170697 // PACKETSTORM: 170698 // PACKETSTORM: 176746

AFFECTED PRODUCTS

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:netappmodel:bootstrap osscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:element softwarescope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6.3

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.3

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:haxxmodel:curlscope:ltversion:7.85.0

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:netappmodel:hci management nodescope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontapscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.7.3

Trust: 0.8

vendor:haxxmodel:curlscope: - version: -

Trust: 0.8

vendor:netappmodel:h700sscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:12.0.0 that's all 12.6.3

Trust: 0.8

vendor:netappmodel:h500sscope: - version: -

Trust: 0.8

vendor:netappmodel:h410sscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:netappmodel:solidfirescope: - version: -

Trust: 0.8

vendor:netappmodel:bootstrap osscope: - version: -

Trust: 0.8

vendor:netappmodel:h300sscope: - version: -

Trust: 0.8

vendor:netappmodel:element softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018757 // NVD: CVE-2022-35252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-35252
value: LOW

Trust: 1.0

NVD: CVE-2022-35252
value: LOW

Trust: 0.8

CNNVD: CNNVD-202208-4523
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2022-35252
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-35252
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018757 // CNNVD: CNNVD-202208-4523 // NVD: CVE-2022-35252

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018757 // NVD: CVE-2022-35252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-4523

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-4523

PATCH

title:HT213604url:https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Trust: 0.8

title:curl Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=206230

Trust: 0.6

title:Debian CVElist Bug Report Logs: curl: CVE-2022-35252: control code in cookie denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f071eb46e3ac96bc3c50d0406c2d0685

Trust: 0.1

title: - url:https://github.com/JtMotoX/docker-trivy

Trust: 0.1

sources: VULMON: CVE-2022-35252 // JVNDB: JVNDB-2022-018757 // CNNVD: CNNVD-202208-4523

EXTERNAL IDS

db:NVDid:CVE-2022-35252

Trust: 4.5

db:HACKERONEid:1613943

Trust: 2.5

db:PACKETSTORMid:168239

Trust: 0.8

db:ICS CERTid:ICSA-23-103-09

Trust: 0.8

db:ICS CERTid:ICSA-23-075-01

Trust: 0.8

db:ICS CERTid:ICSA-23-131-05

Trust: 0.8

db:ICS CERTid:ICSA-23-166-12

Trust: 0.8

db:JVNid:JVNVU98195668

Trust: 0.8

db:JVNid:JVNVU99752892

Trust: 0.8

db:JVNid:JVNVU94715153

Trust: 0.8

db:JVNid:JVNVU99464755

Trust: 0.8

db:JVNDBid:JVNDB-2022-018757

Trust: 0.8

db:CNNVDid:CNNVD-202208-4523

Trust: 0.7

db:PACKETSTORMid:170698

Trust: 0.7

db:AUSCERTid:ESB-2022.4343

Trust: 0.6

db:AUSCERTid:ESB-2022.6333

Trust: 0.6

db:AUSCERTid:ESB-2022.4375

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2023.2163

Trust: 0.6

db:AUSCERTid:ESB-2023.3143

Trust: 0.6

db:AUSCERTid:ESB-2023.3060

Trust: 0.6

db:AUSCERTid:ESB-2022.4374

Trust: 0.6

db:VULHUBid:VHN-428403

Trust: 0.1

db:VULMONid:CVE-2022-35252

Trust: 0.1

db:PACKETSTORMid:172378

Trust: 0.1

db:PACKETSTORMid:172587

Trust: 0.1

db:PACKETSTORMid:172195

Trust: 0.1

db:PACKETSTORMid:174080

Trust: 0.1

db:PACKETSTORMid:170166

Trust: 0.1

db:PACKETSTORMid:170165

Trust: 0.1

db:PACKETSTORMid:170303

Trust: 0.1

db:PACKETSTORMid:170697

Trust: 0.1

db:PACKETSTORMid:176746

Trust: 0.1

sources: VULHUB: VHN-428403 // VULMON: CVE-2022-35252 // JVNDB: JVNDB-2022-018757 // PACKETSTORM: 168239 // PACKETSTORM: 172378 // PACKETSTORM: 172587 // PACKETSTORM: 172195 // PACKETSTORM: 174080 // PACKETSTORM: 170166 // PACKETSTORM: 170165 // PACKETSTORM: 170303 // PACKETSTORM: 170697 // PACKETSTORM: 170698 // PACKETSTORM: 176746 // CNNVD: CNNVD-202208-4523 // NVD: CVE-2022-35252

REFERENCES

url:https://security.gentoo.org/glsa/202212-01

Trust: 2.6

url:http://seclists.org/fulldisclosure/2023/jan/20

Trust: 2.5

url:http://seclists.org/fulldisclosure/2023/jan/21

Trust: 2.5

url:https://hackerone.com/reports/1613943

Trust: 2.5

url:https://security.netapp.com/advisory/ntap-20220930-0005/

Trust: 1.7

url:https://support.apple.com/kb/ht213603

Trust: 1.7

url:https://support.apple.com/kb/ht213604

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-35252

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2022-35252

Trust: 1.2

url:https://jvn.jp/vu/jvnvu99464755/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99752892/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94715153/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98195668/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-05

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3143

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2163

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3060

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-35252/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://support.apple.com/en-us/ht213604

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-denial-of-service-via-cookies-control-codes-39156

Trust: 0.6

url:https://packetstormsecurity.com/files/168239/ubuntu-security-notice-usn-5587-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4374

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4343

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4375

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6333

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-43552

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-32221

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-43552

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-27535

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36227

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32207

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-31813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42915

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28615

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22721

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28614

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28330

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26377

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23943

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30522

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32221

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-35260

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42915

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23497

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23505

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23499

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-23508

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831

Trust: 0.1

url:https://github.com/jtmotox/docker-trivy

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.20

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5587-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.13

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2963

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41674

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42721

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30594

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-43750

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41218

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3239

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-25815

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3707

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-22490

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20141

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-32314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-47929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-32313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26341

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-20141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-28856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-39189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3970

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3567

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33655

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-25652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33655

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1195

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42703

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-29007

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1462

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1679

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2478

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1667

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24736

Trust: 0.1

url:https://volsync.readthedocs.io/en/stable/.

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-38408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24736

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2283

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-3089

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-24329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-26604

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2023-001

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-24329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-27535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-38408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-3089

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36227

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23507

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23504

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32915

Trust: 0.1

url:https://support.apple.com/ht213604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23502

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23518

Trust: 0.1

url:https://support.apple.com/ht213603.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23517

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23513

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2152652

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:0428

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2179073

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2120718

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2179092

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2252030

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=2196793

Trust: 0.1

sources: VULHUB: VHN-428403 // VULMON: CVE-2022-35252 // JVNDB: JVNDB-2022-018757 // PACKETSTORM: 168239 // PACKETSTORM: 172378 // PACKETSTORM: 172587 // PACKETSTORM: 172195 // PACKETSTORM: 174080 // PACKETSTORM: 170166 // PACKETSTORM: 170165 // PACKETSTORM: 170303 // PACKETSTORM: 170697 // PACKETSTORM: 170698 // PACKETSTORM: 176746 // CNNVD: CNNVD-202208-4523 // NVD: CVE-2022-35252

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 172378 // PACKETSTORM: 172587 // PACKETSTORM: 172195 // PACKETSTORM: 174080 // PACKETSTORM: 170166 // PACKETSTORM: 170165 // PACKETSTORM: 176746

SOURCES

db:VULHUBid:VHN-428403
db:VULMONid:CVE-2022-35252
db:JVNDBid:JVNDB-2022-018757
db:PACKETSTORMid:168239
db:PACKETSTORMid:172378
db:PACKETSTORMid:172587
db:PACKETSTORMid:172195
db:PACKETSTORMid:174080
db:PACKETSTORMid:170166
db:PACKETSTORMid:170165
db:PACKETSTORMid:170303
db:PACKETSTORMid:170697
db:PACKETSTORMid:170698
db:PACKETSTORMid:176746
db:CNNVDid:CNNVD-202208-4523
db:NVDid:CVE-2022-35252

LAST UPDATE DATE

2024-11-07T21:11:20.567000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-428403date:2023-03-01T00:00:00
db:JVNDBid:JVNDB-2022-018757date:2023-10-23T07:11:00
db:CNNVDid:CNNVD-202208-4523date:2023-06-30T00:00:00
db:NVDid:CVE-2022-35252date:2024-03-27T15:00:36.607

SOURCES RELEASE DATE

db:VULHUBid:VHN-428403date:2022-09-23T00:00:00
db:JVNDBid:JVNDB-2022-018757date:2023-10-23T00:00:00
db:PACKETSTORMid:168239date:2022-09-02T15:21:41
db:PACKETSTORMid:172378date:2023-05-16T17:09:54
db:PACKETSTORMid:172587date:2023-05-26T14:34:05
db:PACKETSTORMid:172195date:2023-05-09T15:14:58
db:PACKETSTORMid:174080date:2023-08-09T15:56:32
db:PACKETSTORMid:170166date:2022-12-08T21:28:44
db:PACKETSTORMid:170165date:2022-12-08T21:28:21
db:PACKETSTORMid:170303date:2022-12-19T13:48:31
db:PACKETSTORMid:170697date:2023-01-24T16:41:07
db:PACKETSTORMid:170698date:2023-01-24T16:41:28
db:PACKETSTORMid:176746date:2024-01-26T15:24:15
db:CNNVDid:CNNVD-202208-4523date:2022-08-31T00:00:00
db:NVDid:CVE-2022-35252date:2022-09-23T14:15:12.323