ID

VAR-202210-0997


CVE

CVE-2022-40303


TITLE

xmlsoft.org  of  libxml2  Integer overflow vulnerability in products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-023015

DESCRIPTION

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. xmlsoft.org of libxml2 Products from other vendors contain integer overflow vulnerabilities.Service operation interruption (DoS) It may be in a state. libxml2 is an open source library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Security fixes: * CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags Bugs addressed: * Build Submariner 0.13.3 (ACM-2226) * Verify Submariner with OCP 4.12 (ACM-2435) * Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821) 3. Bugs fixed (https://bugzilla.redhat.com/): 2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 5. JIRA issues fixed (https://issues.jboss.org/): ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3 ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12 ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode" 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift (Logging Subsystem) security update Advisory ID: RHSA-2023:0634-01 Product: Logging Subsystem for Red Hat OpenShift Advisory URL: https://access.redhat.com/errata/RHSA-2023:0634 Issue date: 2023-02-09 CVE Names: CVE-2021-35065 CVE-2021-46848 CVE-2022-3821 CVE-2022-4883 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 CVE-2022-44617 CVE-2022-46175 CVE-2022-46285 ==================================================================== 1. Summary: Logging Subsystem 5.6.1 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Logging Subsystem 5.6.1 - Red Hat OpenShift Security Fix(es): * glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 5. JIRA issues fixed (https://issues.jboss.org/): LOG-3397 - [Developer Console] "parse error" when testing with normal user LOG-3441 - [Administrator Console] Seeing "parse error" while using Severity filter for cluster view user LOG-3463 - [release-5.6] ElasticsearchError error="400 - Rejected by Elasticsearch" when adding some labels in application namespaces LOG-3477 - [Logging 5.6.0]CLF raises 'invalid: unrecognized outputs: [default]' after adding `default` to outputRefs. LOG-3494 - [release-5.6] After querying logs in loki, compactor pod raises many TLS handshake error if retention policy is enabled. LOG-3496 - [release-5.6] LokiStack status is still 'Pending' when all loki components are running LOG-3510 - [release-5.6] TLS errors on Loki controller pod due to bad certificate 6. References: https://access.redhat.com/security/cve/CVE-2021-35065 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-4883 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-44617 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2022-46285 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. Description: Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. Solution: See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index See the Red Hat OpenShift Container Platform 4.12 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. This advisory contains bug fixes and enhancements to the Submariner container images. Security fixes: * CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY * CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps * CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests Bugs addressed: * subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711) * [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381) * Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634) * submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362) * Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219) * unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326) * [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442) * Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477) * RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242) * Submariner OVN support (ACM-1358) * Submariner Azure Console support (ACM-1388) * ManagedClusterSet consumers migrate to v1beta2 (ACM-1614) * Submariner on disconnected ACM #22000 (ACM-1678) * Submariner gateway: Error creating AWS security group if already exists (ACM-2055) * Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057) * The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058) * The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067) * Subctl 0.14.0 prints version "vsubctl" (ACM-2132) * managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145) * Add support of ARO to Submariner deployment (ACM-2150) * The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204) * Gateway error shown "diagnose all" tests (ACM-2206) * Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211) * Vsphere cluster shows Pod Security admission controller warnings (ACM-2256) * Cannot use submariner with OSP and self signed certs (ACM-2274) * Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387) * Subctl 0.14.1 prints version "devel" (ACM-2482) 3. Bugs fixed (https://bugzilla.redhat.com/): 2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig 2097381 - [Submariner] - Fails to increase gateway amount after deployment 2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command 2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL 2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console 2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): ACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner) ACM-2055 - Submariner gateway: Error creating AWS security group if already exists ACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner ACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention ACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check ACM-2132 - Subctl 0.14.0 prints version "vsubctl" ACM-2145 - managedclusters "local-cluster" not found and missing Submariner Broker CRD ACM-2150 - Add support of ARO to Submariner deployment ACM-2204 - [Submariner] - e2e tests execution fails for "Basic TCP connectivity" tests ACM-2206 - [Submariner] - Gateway error shown "diagnose all" tests ACM-2211 - [Submariner] - Submariner does not support cluster "kube-proxy ipvs mode" ACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings ACM-2274 - Cannot use submariner with OSP and self signed certs ACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention ACM-2482 - Subctl 0.14.1 prints version "devel" 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-12-13-8 watchOS 9.2 watchOS 9.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213536. Accounts Available for: Apple Watch Series 4 and later Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t) AppleAVD Available for: Apple Watch Series 4 and later Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov AppleMobileFileIntegrity Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing CoreServices Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security ImageIO Available for: Apple Watch Series 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t) IOHIDFamily Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03) IOMobileFrameBuffer Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom) iTunes Store Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: an anonymous researcher Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab Kernel Available for: Apple Watch Series 4 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero Safari Available for: Apple Watch Series 4 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani Software Update Available for: Apple Watch Series 4 and later Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2022-42849: Mickey Jin (@patch1t) Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher Additional recognition Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance. Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance. WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke NxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q 5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve vnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3 DNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2 GH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag piObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ sOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki PLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi ex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA FofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA W09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I= =DltD -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/): 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client 2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libxml2: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #877149 ID: 202210-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution. Background ========== libxml2 is the XML C parser and toolkit developed for the GNOME project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.10.3 >= 2.10.3 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.3" References ========== [ 1 ] CVE-2022-40303 https://nvd.nist.gov/vuln/detail/CVE-2022-40303 [ 2 ] CVE-2022-40304 https://nvd.nist.gov/vuln/detail/CVE-2022-40304 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-39 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2022-40303 // JVNDB: JVNDB-2022-023015 // VULHUB: VHN-429429 // PACKETSTORM: 171026 // PACKETSTORM: 170955 // PACKETSTORM: 171318 // PACKETSTORM: 170898 // PACKETSTORM: 169857 // PACKETSTORM: 170318 // PACKETSTORM: 171399 // PACKETSTORM: 169620

AFFECTED PRODUCTS

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.2

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.2

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7.2

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.10.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.7.2

Trust: 1.0

vendor:netappmodel:manageability sdkscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.2

Trust: 1.0

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:netappmodel:active iq unified managerscope: - version: -

Trust: 0.8

vendor:netappmodel:h410cscope: - version: -

Trust: 0.8

vendor:netappmodel:manageability sdkscope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontap antivirus connectorscope: - version: -

Trust: 0.8

vendor:netappmodel:h700sscope: - version: -

Trust: 0.8

vendor:xmlsoftmodel:libxml2scope: - version: -

Trust: 0.8

vendor:netappmodel:ontap select deploy administration utilityscope: - version: -

Trust: 0.8

vendor:netappmodel:ontapscope: - version: -

Trust: 0.8

vendor:netappmodel:h300sscope: - version: -

Trust: 0.8

vendor:netappmodel:h410sscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:netappmodel:h500sscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:9.2

Trust: 0.8

vendor:netappmodel:snapmanagerscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023015 // NVD: CVE-2022-40303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40303
value: HIGH

Trust: 1.0

NVD: CVE-2022-40303
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-1031
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-40303
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-40303
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023015 // CNNVD: CNNVD-202210-1031 // NVD: CVE-2022-40303

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-429429 // JVNDB: JVNDB-2022-023015 // NVD: CVE-2022-40303

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1031

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1031

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-429429

PATCH

title:HT213535url:https://security.netapp.com/advisory/ntap-20221209-0003/

Trust: 0.8

title:libxml2 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=215562

Trust: 0.6

sources: JVNDB: JVNDB-2022-023015 // CNNVD: CNNVD-202210-1031

EXTERNAL IDS

db:NVDid:CVE-2022-40303

Trust: 4.1

db:PACKETSTORMid:169857

Trust: 0.8

db:PACKETSTORMid:170318

Trust: 0.8

db:PACKETSTORMid:169620

Trust: 0.8

db:PACKETSTORMid:170955

Trust: 0.8

db:ICS CERTid:ICSA-24-165-10

Trust: 0.8

db:ICS CERTid:ICSA-24-102-08

Trust: 0.8

db:ICS CERTid:ICSA-24-165-06

Trust: 0.8

db:ICS CERTid:ICSA-25-044-09

Trust: 0.8

db:ICS CERTid:ICSA-24-165-04

Trust: 0.8

db:JVNid:JVNVU99836374

Trust: 0.8

db:JVNid:JVNVU95962757

Trust: 0.8

db:JVNid:JVNVU93250330

Trust: 0.8

db:JVNDBid:JVNDB-2022-023015

Trust: 0.8

db:PACKETSTORMid:169825

Trust: 0.7

db:PACKETSTORMid:170555

Trust: 0.7

db:PACKETSTORMid:169732

Trust: 0.7

db:PACKETSTORMid:170097

Trust: 0.7

db:PACKETSTORMid:170754

Trust: 0.7

db:CNNVDid:CNNVD-202210-1031

Trust: 0.7

db:AUSCERTid:ESB-2023.0246

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2023.1467

Trust: 0.6

db:AUSCERTid:ESB-2022.5286

Trust: 0.6

db:AUSCERTid:ESB-2023.3143

Trust: 0.6

db:AUSCERTid:ESB-2022.6321

Trust: 0.6

db:AUSCERTid:ESB-2022.5792.2

Trust: 0.6

db:AUSCERTid:ESB-2023.0816

Trust: 0.6

db:AUSCERTid:ESB-2023.1501

Trust: 0.6

db:AUSCERTid:ESB-2022.5614

Trust: 0.6

db:AUSCERTid:ESB-2023.1267

Trust: 0.6

db:AUSCERTid:ESB-2023.0513

Trust: 0.6

db:AUSCERTid:ESB-2022.5455

Trust: 0.6

db:AUSCERTid:ESB-2023.1041

Trust: 0.6

db:AUSCERTid:ESB-2023.1398

Trust: 0.6

db:CXSECURITYid:WLB-2022110019

Trust: 0.6

db:PACKETSTORMid:170317

Trust: 0.1

db:PACKETSTORMid:170316

Trust: 0.1

db:PACKETSTORMid:170753

Trust: 0.1

db:PACKETSTORMid:171016

Trust: 0.1

db:PACKETSTORMid:171173

Trust: 0.1

db:PACKETSTORMid:171043

Trust: 0.1

db:PACKETSTORMid:170752

Trust: 0.1

db:PACKETSTORMid:170899

Trust: 0.1

db:PACKETSTORMid:170096

Trust: 0.1

db:PACKETSTORMid:170312

Trust: 0.1

db:PACKETSTORMid:169858

Trust: 0.1

db:PACKETSTORMid:171042

Trust: 0.1

db:PACKETSTORMid:171017

Trust: 0.1

db:PACKETSTORMid:170315

Trust: 0.1

db:PACKETSTORMid:171040

Trust: 0.1

db:PACKETSTORMid:171260

Trust: 0.1

db:VULHUBid:VHN-429429

Trust: 0.1

db:PACKETSTORMid:171026

Trust: 0.1

db:PACKETSTORMid:171318

Trust: 0.1

db:PACKETSTORMid:170898

Trust: 0.1

db:PACKETSTORMid:171399

Trust: 0.1

sources: VULHUB: VHN-429429 // JVNDB: JVNDB-2022-023015 // PACKETSTORM: 171026 // PACKETSTORM: 170955 // PACKETSTORM: 171318 // PACKETSTORM: 170898 // PACKETSTORM: 169857 // PACKETSTORM: 170318 // PACKETSTORM: 171399 // PACKETSTORM: 169620 // CNNVD: CNNVD-202210-1031 // NVD: CVE-2022-40303

REFERENCES

url:http://seclists.org/fulldisclosure/2022/dec/21

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/24

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/25

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/26

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/27

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20221209-0003/

Trust: 1.7

url:https://support.apple.com/kb/ht213531

Trust: 1.7

url:https://support.apple.com/kb/ht213533

Trust: 1.7

url:https://support.apple.com/kb/ht213534

Trust: 1.7

url:https://support.apple.com/kb/ht213535

Trust: 1.7

url:https://support.apple.com/kb/ht213536

Trust: 1.7

url:https://gitlab.gnome.org/gnome/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

Trust: 1.7

url:https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-40303

Trust: 1.4

url:https://jvn.jp/vu/jvnvu99836374/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu93250330/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95962757/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-06

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.1041

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3143

Trust: 0.6

url:https://packetstormsecurity.com/files/170555/red-hat-security-advisory-2023-0173-01.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-40303/

Trust: 0.6

url:https://packetstormsecurity.com/files/169825/libxml2-xmlparsenamecomplex-integer-overflow.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1267

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1467

Trust: 0.6

url:https://packetstormsecurity.com/files/170318/apple-security-advisory-2022-12-13-8.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1501

Trust: 0.6

url:https://support.apple.com/en-us/ht213505

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022110019

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5286

Trust: 0.6

url:https://packetstormsecurity.com/files/170955/red-hat-security-advisory-2023-0634-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/169857/apple-security-advisory-2022-11-09-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/170754/red-hat-security-advisory-2023-0468-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/170097/ubuntu-security-notice-usn-5760-2.html

Trust: 0.6

url:https://support.apple.com/en-us/ht213534

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0246

Trust: 0.6

url:https://packetstormsecurity.com/files/169732/debian-security-advisory-5271-1.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/libxml2-three-vulnerabilities-39554

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1398

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0816

Trust: 0.6

url:https://packetstormsecurity.com/files/169620/gentoo-linux-security-advisory-202210-39.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6321

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5792.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5455

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5614

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-40304

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-3821

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-35737

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2601

Trust: 0.2

url:https://submariner.io/.

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3787

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2601

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35527

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.2

url:https://submariner.io/getting-started/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35527

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2509

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3775

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30698

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30699

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41974

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://support.apple.com/en-us/ht201222.

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32149

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0795

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35065

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-4883

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-46175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3821

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-46285

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35065

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42010

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-44617

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46285

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-43680

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-44617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-48303

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-47629

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1181

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4415

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41717

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0631

Trust: 0.1

url:https://support.apple.com/ht213505.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42865

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42863

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42864

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42852

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/ht213536.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41966

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2868

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2058

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2868

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2521

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:1286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2953

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2058

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/glsa/202210-39

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-429429 // JVNDB: JVNDB-2022-023015 // PACKETSTORM: 171026 // PACKETSTORM: 170955 // PACKETSTORM: 171318 // PACKETSTORM: 170898 // PACKETSTORM: 169857 // PACKETSTORM: 170318 // PACKETSTORM: 171399 // PACKETSTORM: 169620 // CNNVD: CNNVD-202210-1031 // NVD: CVE-2022-40303

CREDITS

Google Security Research

Trust: 0.6

sources: CNNVD: CNNVD-202210-1031

SOURCES

db:VULHUBid:VHN-429429
db:JVNDBid:JVNDB-2022-023015
db:PACKETSTORMid:171026
db:PACKETSTORMid:170955
db:PACKETSTORMid:171318
db:PACKETSTORMid:170898
db:PACKETSTORMid:169857
db:PACKETSTORMid:170318
db:PACKETSTORMid:171399
db:PACKETSTORMid:169620
db:CNNVDid:CNNVD-202210-1031
db:NVDid:CVE-2022-40303

LAST UPDATE DATE

2025-04-21T20:37:52.205000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-429429date:2023-01-11T00:00:00
db:JVNDBid:JVNDB-2022-023015date:2025-02-17T08:29:00
db:CNNVDid:CNNVD-202210-1031date:2023-06-30T00:00:00
db:NVDid:CVE-2022-40303date:2023-11-07T03:52:15.280

SOURCES RELEASE DATE

db:VULHUBid:VHN-429429date:2022-11-23T00:00:00
db:JVNDBid:JVNDB-2022-023015date:2023-11-24T00:00:00
db:PACKETSTORMid:171026date:2023-02-16T15:45:25
db:PACKETSTORMid:170955date:2023-02-10T15:48:32
db:PACKETSTORMid:171318date:2023-03-10T14:24:58
db:PACKETSTORMid:170898date:2023-02-08T16:00:47
db:PACKETSTORMid:169857date:2022-11-15T16:42:23
db:PACKETSTORMid:170318date:2022-12-22T02:13:22
db:PACKETSTORMid:171399date:2023-03-20T13:12:45
db:PACKETSTORMid:169620date:2022-11-01T13:29:06
db:CNNVDid:CNNVD-202210-1031date:2022-10-14T00:00:00
db:NVDid:CVE-2022-40303date:2022-11-23T00:15:11.007