ID

VAR-202210-0997


CVE

CVE-2022-40303


TITLE

Red Hat Security Advisory 2023-0709-01

Trust: 0.1

sources: PACKETSTORM: 170956

DESCRIPTION

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. libxml2 is an open source library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2154755 - Release of OpenShift Serverless Eventing 1.27.0 2154757 - Release of OpenShift Serverless Serving 1.27.0 5. Bugs fixed (https://bugzilla.redhat.com/): 2171870 - CVE-2023-0923 odh-notebook-controller-container: Missing authorization allows for file contents disclosure 5. JIRA issues fixed (https://issues.jboss.org/): RHODS-6123 - Update dsp repo to match upstream kfp-tekton repo RHODS-6136 - Verify status of manifests RHODS-6330 - Remove Openvino and Etcd images from quay for self-managed deployments RHODS-6779 - [Model Serving] fallback image for ovms is not published, leading to image pull errors in upgrade scenarios 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-12-13-8 watchOS 9.2 watchOS 9.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213536. Accounts Available for: Apple Watch Series 4 and later Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t) AppleAVD Available for: Apple Watch Series 4 and later Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov AppleMobileFileIntegrity Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing CoreServices Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security ImageIO Available for: Apple Watch Series 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t) IOHIDFamily Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03) IOMobileFrameBuffer Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom) iTunes Store Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: an anonymous researcher Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero Kernel Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab Kernel Available for: Apple Watch Series 4 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero Safari Available for: Apple Watch Series 4 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani Software Update Available for: Apple Watch Series 4 and later Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2022-42849: Mickey Jin (@patch1t) Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher Additional recognition Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance. Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance. WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance. Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke NxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q 5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve vnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3 DNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2 GH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag piObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ sOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki PLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi ex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA FofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA W09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I= =DltD -----END PGP SIGNATURE----- . CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. CVE-2022-42848: ABC Research s.r.o File System Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab Graphics Driver Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Parsing a maliciously crafted video file may lead to unexpected system termination Description: The issue was addressed with improved memory handling. CVE-2022-42846: Willy R. CVE-2022-42840: an anonymous researcher Preferences Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An app may be able to use arbitrary entitlements Description: A logic issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. WebKit Bugzilla: 248266 CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.7.2 and iPadOS 15.7.2". Bugs fixed (https://bugzilla.redhat.com/): 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents 2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libxml2: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #877149 ID: 202210-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution. Background ========== libxml2 is the XML C parser and toolkit developed for the GNOME project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.10.3 >= 2.10.3 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.3" References ========== [ 1 ] CVE-2022-40303 https://nvd.nist.gov/vuln/detail/CVE-2022-40303 [ 2 ] CVE-2022-40304 https://nvd.nist.gov/vuln/detail/CVE-2022-40304 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202210-39 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Summary: OpenShift sandboxed containers 1.4.1 is now available. Description: OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089) For more information about the additional fixes in this release, see the Release Notes documentation: https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/ 3. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. JIRA issues fixed (https://issues.redhat.com/): KATA-2121 - taints/tolerations from kata-monitor daemonset removed by reconciliation KATA-2212 - operator, must-gather, and cloud-api-adapter dockerfiles use ubi8 base images KATA-2299 - 1.4.1 build showing 1.4.0 version OCPBUGS-15175 - [Major Incident] CVE-2023-3089 osc-operator-container: openshift: OCP & FIPS mode [rhosc-1-4] 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update Advisory ID: RHSA-2023:3742-02 Product: Red Hat OpenShift Data Foundation Advisory URL: https://access.redhat.com/errata/RHSA-2023:3742 Issue date: 2023-06-21 CVE Names: CVE-2015-20107 CVE-2018-25032 CVE-2020-10735 CVE-2020-16250 CVE-2020-16251 CVE-2020-17049 CVE-2021-3765 CVE-2021-3807 CVE-2021-4231 CVE-2021-4235 CVE-2021-4238 CVE-2021-28861 CVE-2021-43519 CVE-2021-43998 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-44964 CVE-2021-46828 CVE-2021-46848 CVE-2022-0670 CVE-2022-1271 CVE-2022-1304 CVE-2022-1348 CVE-2022-1586 CVE-2022-1587 CVE-2022-2309 CVE-2022-2509 CVE-2022-2795 CVE-2022-2879 CVE-2022-2880 CVE-2022-3094 CVE-2022-3358 CVE-2022-3515 CVE-2022-3517 CVE-2022-3715 CVE-2022-3736 CVE-2022-3821 CVE-2022-3924 CVE-2022-4415 CVE-2022-21824 CVE-2022-23540 CVE-2022-23541 CVE-2022-24903 CVE-2022-26280 CVE-2022-27664 CVE-2022-28805 CVE-2022-29154 CVE-2022-30635 CVE-2022-31129 CVE-2022-32189 CVE-2022-32190 CVE-2022-33099 CVE-2022-34903 CVE-2022-35737 CVE-2022-36227 CVE-2022-37434 CVE-2022-38149 CVE-2022-38900 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304 CVE-2022-40897 CVE-2022-41316 CVE-2022-41715 CVE-2022-41717 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-43680 CVE-2022-45061 CVE-2022-45873 CVE-2022-46175 CVE-2022-47024 CVE-2022-47629 CVE-2022-48303 CVE-2022-48337 CVE-2022-48338 CVE-2022-48339 CVE-2023-0361 CVE-2023-0620 CVE-2023-0665 CVE-2023-2491 CVE-2023-22809 CVE-2023-24329 CVE-2023-24999 CVE-2023-25000 CVE-2023-25136 ===================================================================== 1. Summary: Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238) * decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900) * vault: Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250) * vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * go-yaml: Denial of Service in go-yaml (CVE-2021-4235) * vault: incorrect policy enforcement (CVE-2021-43998) * nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531) * nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532) * nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517) * jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass (CVE-2022-23540) * jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190) * consul: Consul Template May Expose Vault Secrets When Processing Invalid Input (CVE-2022-38149) * vault: insufficient certificate revocation list checking (CVE-2022-41316) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620) * hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665) * Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation (CVE-2023-24999) * hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000) * validator: Inefficient Regular Expression Complexity in Validator.js (CVE-2021-3765) * nodejs: Prototype pollution via console.table properties (CVE-2022-21824) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements. 4. Bugs fixed (https://bugzilla.redhat.com/): 1786696 - UI->Dashboards->Overview->Alerts shows MON components are at different versions, though they are NOT 1855339 - Wrong version of ocs-storagecluster 1943137 - [Tracker for BZ #1945618] rbd: Storage is not reclaimed after persistentvolumeclaim and job that utilized it are deleted 1944687 - [RFE] KMS server connection lost alert 1989088 - [4.8][Multus] UX experience issues and enhancements 2005040 - Uninstallation of ODF StorageSystem via OCP Console fails, gets stuck in Terminating state 2005830 - [DR] DRPolicy resource should not be editable after creation 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2028193 - CVE-2021-43998 vault: incorrect policy enforcement 2040839 - CVE-2021-44531 nodejs: Improper handling of URI Subject Alternative Names 2040846 - CVE-2021-44532 nodejs: Certificate Verification Bypass via String Injection 2040856 - CVE-2021-44533 nodejs: Incorrect handling of certificate subject and issuer fields 2040862 - CVE-2022-21824 nodejs: Prototype pollution via console.table properties 2042914 - [Tracker for BZ #2013109] [UI] Refreshing web console from the pop-up is taking to Install Operator page. 2052252 - CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [CVE] nodejs: various flaws [openshift-data-foundation-4] 2101497 - ceph_mon_metadata metrics are not collected properly 2101916 - must-gather is not collecting ceph logs or coredumps 2102304 - [GSS] Remove the entry of removed node from Storagecluster under Node Topology 2104148 - route ocs-storagecluster-cephobjectstore misconfigured to use http and https on same http route in haproxy.config 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2115020 - [RDR] Sync schedule is not removed from mirrorpeer yaml after DR Policy is deleted 2115616 - [GSS] failing to change ownership of the NFS based PVC for PostgreSQL pod by using kube_pv_chown utility 2119551 - CVE-2022-38149 consul: Consul Template May Expose Vault Secrets When Processing Invalid Input 2120098 - [RDR] Even before an action gets fully completed, PeerReady and Available are reported as True in the DRPC yaml 2120944 - Large Omap objects found in pool 'ocs-storagecluster-cephfilesystem-metadata' 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2126299 - CVE-2021-3765 validator: Inefficient Regular Expression Complexity in Validator.js 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking 2139037 - [cee/sd]Unable to access s3 via RGW route ocs-storagecluster-cephobjectstore 2141095 - [RDR] Storage System page on ACM Hub is visible even when data observability is not enabled 2142651 - RFE: OSDs need ability to bind to a service IP instead of the pod IP to support RBD mirroring in OCP clusters 2142894 - Credentials are ignored when creating a Backing/Namespace store after prompted to enter a name for the resource 2142941 - RGW cloud Transition. HEAD/GET requests to MCG are failing with 403 error 2143944 - [GSS] unknown parameter name "FORCE_OSD_REMOVAL" 2144256 - [RDR] [UI] DR Application applied to a single DRPolicy starts showing connected to multiple policies due to console flickering 2151903 - [MCG] Azure bs/ns creation fails with target bucket does not exists 2152143 - [Noobaa Clone] Secrets are used in env variables 2154250 - NooBaa Bucket Quota alerts are not working 2155507 - RBD reclaimspace job fails when the PVC is not mounted 2155743 - ODF Dashboard fails to load 2156067 - [RDR] [UI] When Peer Ready isn't True, UI doesn't reset the error message even when no subscription group is selected 2156069 - [UI] Instances of OCS can be seen on BlockPool action modals 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156519 - 4.13: odf-csi-addons-operator failed with OwnNamespace InstallModeType not supported 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2157876 - [OCP Tracker] [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash 2158922 - Namespace store fails to get created via the ODF UI 2159676 - rbd-mirror logs are rotated very frequently, increase the default maxlogsize for rbd-mirror 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 2161879 - logging issue when deleting webhook resources 2161937 - collect kernel and journal logs from all worker nodes 2162257 - [RDR][CEPHFS] sync/replication is getting stopped for some pvc 2164617 - Unable to expand ocs-storagecluster-ceph-rbd PVCs provisioned in Filesystem mode 2165495 - Placement scheduler is using too much resources 2165504 - Sizer sharing link is broken 2165929 - [RFE] ODF bluewash introduction in 4.12.x 2165938 - ocs-operator CSV is missing disconnected env annotation. 2165984 - [RDR] Replication stopped for images is represented with incorrect color 2166222 - CSV is missing disconnected env annotation and relatedImages spec 2166234 - Application user unable to invoke Failover and Relocate actions 2166869 - Match the version of consoleplugin to odf operator 2167299 - [RFE] ODF bluewash introduction in 4.12.x 2167308 - [mcg-clone] Security and VA issues with ODF operator 2167337 - CVE-2020-16250 vault: Hashicorp Vault AWS IAM Integration Authentication Bypass 2167340 - CVE-2020-16251 vault: GCP Auth Method Allows Authentication Bypass 2167946 - CSV is missing disconnected env annotation and relatedImages spec 2168113 - [Ceph Tracker BZ #2141110] [cee/sd][Bluestore] Newly deployed bluestore OSD's showing high fragmentation score 2168635 - fix redirect link to operator details page (OCS dashboard) 2168840 - [Fusion-aaS][ODF 4.13]Within 'prometheus-ceph-rules' the namespace for 'rook-ceph-mgr' jobs should be configurable. 2168849 - Must-gather doesn't collect coredump logs crucial for OSD crash events 2169375 - CVE-2022-23541 jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC 2169378 - CVE-2022-23540 jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass 2169779 - [vSphere]: rook-ceph-mon-* pvc are in pending state 2170644 - CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS 2170673 - [RDR] Different replication states of PVC images aren't correctly distinguished and representated on UI 2172089 - [Tracker for Ceph BZ 2174461] rook-ceph-nfs pod is stuck at status 'CreateContainerError' after enabling NFS in ODF 4.13 2172365 - [csi-addons] odf-csi-addons-operator oomkilled with fresh installation 4.12 2172521 - No OSD pods are created for 4.13 LSO deployment 2173161 - ODF-console can not start when you disable IPv6 on Node with kernel parameter. 2173528 - Creation of OCS operator tag automatically for verified commits 2173534 - When on StorageSystem details click on History back btn it shows blank body 2173926 - [RFE] Include changes in MCG for new Ceph RGW transition headers 2175612 - noobaa-core-0 crashing and storagecluster not getting to ready state during ODF deployment with FIPS enabled in 4.13cluster 2175685 - RGW OBC creation via the UI is blocked by "Address form errors to proceed" error 2175714 - UI fix- capitalization 2175867 - Rook sets cephfs kernel mount options even when mon is using v1 port 2176080 - odf must-gather should collect output of oc get hpa -n openshift-storage 2176456 - [RDR] ramen-hub-operator and ramen-dr-cluster-operator is going into CLBO post deployment 2176739 - [UI] CSI Addons operator icon is broken 2176776 - Enable save options only when the protected apps has labels for manage DRPolicy 2176798 - [IBM Z ] Multi Cluster Orchestrator operator is not available in the Operator Hub 2176809 - [IBM Z ] DR operator is not available in the Operator Hub 2177134 - Next button if disabled for storage system deployment flow for IBM Ceph Storage security and network step when there is no OCS installed already 2177221 - Enable DR dashboard only when ACM observability is enabled 2177325 - Noobaa-db pod is taking longer time to start up in ODF 4.13 2177695 - DR dashbaord showing incorrect RPO data 2177844 - CVE-2023-24999 Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation 2178033 - node topology warnings tab doesn't show pod warnings 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 2178588 - No rack names on ODF Topology 2178619 - odf-operator failing to resolve its sub-dependencies leaving the ocs-consumer/provider addon in a failed and halted state 2178682 - [GSS] Add the valid AWS GovCloud regions in OCS UI. 2179133 - [UI] A blank page appears while selecting Storage Pool for creating Encrypted Storage Class 2179337 - Invalid storage system href link on the ODF multicluster dashboard 2179403 - (4.13) Mons are failing to start when msgr2 is required with RHCS 6.1 2179846 - [IBM Z] In RHCS external mode Cephobjectstore creation fails as it reports that the "object store name cannot be longer than 38 characters" 2179860 - [MCG] Bucket replication with deletion sync isn't complete 2179976 - [ODF 4.13] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA 2179981 - ODF Topology search bar mistakes to find searched node/pod 2179997 - Topology. Exit full screen does not appear in Full screen mode 2180211 - StorageCluster stuck in progressing state for Thales KMS deployment 2180397 - Last sync time is missing on application set's disaster recovery status popover 2180440 - odf-monitoring-tool. YAML file misjudged as corrupted 2180921 - Deployment with external cluster in ODF 4.13 with unable to use cephfs as backing store for image_registry 2181112 - [RDR] [UI] Hide disable DR functionality as it would be un-tested in 4.13 2181133 - CI: backport E2E job improvements 2181446 - [KMS][UI] PVC provisioning failed in case of vault kubernetes authentication is configured. 2181535 - [GSS] Object storage in degraded state 2181551 - Build: move to 'dependencies' the ones required for running a build 2181832 - Create OBC via UI, placeholder on StorageClass dropped 2181949 - [ODF Tracker] [RFE] Catch MDS damage to the dentry's first snapid 2182041 - OCS-Operator expects NooBaa CRDs to be present on the cluster when installed directly without ODF Operator 2182296 - [Fusion-aaS][ODF 4.13]must-gather does not collect relevant logs when storage cluster is not in openshift-storage namespace 2182375 - [MDR] Not able to fence DR clusters 2182644 - [IBM Z] MDR policy creation fails unless the ocs-operator pod is restarted on the managed clusters 2182664 - Topology view should hide the sidebar when changing levels 2182703 - [RDR] After upgrading from 4.12.2 to 4.13.0 version.odf.openshift.io cr is not getting updated with latest ODF version 2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations 2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata 2183155 - failed to mount the the cephfs subvolume as subvolumegroup name is not sent in the GetStorageConfig RPC call 2183196 - [Fusion-aaS] Collect Must-gather logs from the managed-fusion agent namesapce 2183266 - [Fusion aaS Rook ODF 4.13]] Rook-ceph-operator pod should allow OBC CRDs to be optional instead of causing a crash when not present 2183457 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] 2183478 - [MDR][UI] Cannot relocate subscription based apps, Appset based apps are possible to relocate 2183520 - [Fusion-aaS] csi-cephfs-plugin pods are not created after installing ocs-client-operator 2184068 - [Fusion-aaS] Failed to mount CephFS volumes while creating pods 2184605 - [ODF 4.13][Fusion-aaS] OpenShift Data Foundation Client operator is listed in OperatorHub and installable from UI 2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File 2184769 - {Fusion-aaS][ODF 4.13]Remove storageclassclaim cr and create new cr storageclass request cr 2184773 - multicluster-orchestrator should not reset spec.network.multiClusterService.Enabled field added by user 2184892 - Don't pass encryption options to ceph cluster in odf external mode to provider/consumer cluster 2184984 - Topology Sidebar alerts panel: alerts accordion does not toggle when clicking on alert severity text 2185164 - [KMS][VAULT] PVC provisioning is failing when the Vault (HCP) Kubernetes authentication is set. 2185188 - Fix storagecluster watch request for OCSInitialization 2185757 - add NFS dashboard 2185871 - [MDR][ACM-Tracker] Deleting an Appset based application does not delete its placement 2186171 - [GSS] "disableLoadBalancerService: true" config is reconciled after modifying the number of NooBaa endpoints 2186225 - [RDR] when running any ceph cmd we see error 2023-03-31T08:25:31.844+0000 7f8deaffd640 -1 monclient(hunting): handle_auth_bad_method server allowed_methods [2] but i only support [2,1] 2186475 - handle different network connection spec & Pass appropriate options for all the cases of Network Spec 2186752 - [translations] add translations for 4.13 2187251 - sync ocs and odf with the latest rook 2187296 - [MCG] Can't opt out of deletions sync once log-based replication with deletions sync is set 2187736 - [RDR] Replication history graph is showing incorrect value 2187952 - When cluster controller is cancelled frequently, multiple simultaneous controllers cause issues since need to wait for shutdown before continuing new controller 2187969 - [ODFMS-Migration ] [OCS Client Operator] csi-rbdplugin stuck in ImagePullBackOff on consumer clusters after Migration 2187986 - [MDR] ramen-dr-cluster-operator pod is in CLBO after assigning dr policy to an appset based app 2188053 - ocs-metrics-exporter cannot list/watch StorageCluster, StorageClass, CephBlockPool and other resources 2188238 - [RDR] Avoid using the terminologies "SLA" in DR dashbaord 2188303 - [RDR] Maintenance mode is not enabled after initiating failover action 2188427 - [External mode upgrade]: Upgrade from 4.12 -> 4.13 external mode is failing because rook-ceph-operator is not reaching clean state 2188666 - wrong label in new storageclassrequest cr 2189483 - After upgrade noobaa-db-pg-0 pod using old image in one of container 2189929 - [RDR/MDR] [UI] Dashboard fon size are very uneven 2189982 - [RDR] ocs_rbd_client_blocklisted datapoints and the corresponding alert is not getting generated 2189984 - [KMS][VAULT] Storage cluster remains in 'Progressing' state during deployment with storage class encryption, despite all pods being up and running. 2190129 - OCS Provider Server logs are incorrect 2190241 - nfs metric details are unavailable and server health is displaying as "Degraded" under Network file system tab in UI 2192088 - [IBM P] rbd_default_map_options value not set to ms_mode=secure in in-transit encryption enabled ODF cluster 2192670 - Details tab for nodes inside Topology throws "Something went wrong" on IBM Power platform 2192824 - [4.13] Fix Multisite in external cluster 2192875 - Enable ceph-exporter in rook 2193114 - MCG replication is failing due to OC binary incompatible on Power platform 2193220 - [Stretch cluster] CephCluster is updated frequently due to changing ordering of zones 2196176 - MULTUS UI, There is no option to change the multus configuration after we configure the params 2196236 - [RDR] With ACM 2.8 User is not able to apply Drpolicy to subscription workload 2196298 - [RDR] DRPolicy doesn't show connected application when subscription based workloads are deployed via CLI 2203795 - ODF Monitoring is missing some of the ceph_* metric values 2208029 - nfs server health is always displaying as "Degraded" under Network file system tab in UI. 2208079 - rbd mirror daemon is commonly not upgraded 2208269 - [RHCS Tracker] After add capacity the rebalance does not complete, and we see 2 PGs in active+clean+scrubbing and 1 active+clean+scrubbing+deep 2208558 - [MDR] ramen-dr-cluster-operator pod crashes during failover 2208962 - [UI] ODF Topology. Degraded cluster don't show red canvas on cluster level 2209364 - ODF dashboard crashes when OCP and ODF are upgraded 2209643 - Multus, Cephobjectstore stuck on Progressing state because " failed to create or retrieve rgw admin ops user" 2209695 - When collecting Must-gather logs shows /usr/bin/gather_ceph_resources: line 341: jq: command not found 2210964 - [UI][MDR] After hub recovery in overview tab of data policies Application set apps count is not showing 2211334 - The replication history graph is very unclear 2211343 - [MCG-Only]: upgrade failed from 4.12 to 4.13 due to missing CSI_ENABLE_READ_AFFINITY in ConfigMap openshift-storage/ocs-operator-config 2211704 - Multipart uploads fail to a Azure namespace bucket when user MD is sent as part of the upload 5. References: https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2020-10735 https://access.redhat.com/security/cve/CVE-2020-16250 https://access.redhat.com/security/cve/CVE-2020-16251 https://access.redhat.com/security/cve/CVE-2020-17049 https://access.redhat.com/security/cve/CVE-2021-3765 https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-4231 https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-28861 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-43998 https://access.redhat.com/security/cve/CVE-2021-44531 https://access.redhat.com/security/cve/CVE-2021-44532 https://access.redhat.com/security/cve/CVE-2021-44533 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2021-46828 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-0670 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1348 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-2309 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-3094 https://access.redhat.com/security/cve/CVE-2022-3358 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3517 https://access.redhat.com/security/cve/CVE-2022-3715 https://access.redhat.com/security/cve/CVE-2022-3736 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-3924 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-21824 https://access.redhat.com/security/cve/CVE-2022-23540 https://access.redhat.com/security/cve/CVE-2022-23541 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-28805 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/cve/CVE-2022-32190 https://access.redhat.com/security/cve/CVE-2022-33099 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-38149 https://access.redhat.com/security/cve/CVE-2022-38900 https://access.redhat.com/security/cve/CVE-2022-40023 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40897 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/cve/CVE-2022-45061 https://access.redhat.com/security/cve/CVE-2022-45873 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2022-47024 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/cve/CVE-2022-48337 https://access.redhat.com/security/cve/CVE-2022-48338 https://access.redhat.com/security/cve/CVE-2022-48339 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-22809 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-24999 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25136 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc

Trust: 1.89

sources: NVD: CVE-2022-40303 // VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 170956 // PACKETSTORM: 171173 // PACKETSTORM: 170318 // PACKETSTORM: 170315 // PACKETSTORM: 170312 // PACKETSTORM: 171042 // PACKETSTORM: 169620 // PACKETSTORM: 173783 // PACKETSTORM: 173107

AFFECTED PRODUCTS

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.2

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.7.2

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7.2

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.10.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.6.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.7.2

Trust: 1.0

vendor:netappmodel:manageability sdkscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:snapmanagerscope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.2

Trust: 1.0

sources: NVD: CVE-2022-40303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-40303
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-40303
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-40303

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-429429 // NVD: CVE-2022-40303

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 173107

TYPE

overflow, spoof, code execution

Trust: 0.2

sources: PACKETSTORM: 170318 // PACKETSTORM: 170312

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-429429

PATCH

title:Debian CVElist Bug Report Logs: libxml2: CVE-2022-40303: Integer overflows with XML_PARSE_HUGEurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5e77d7ff7e5e68d6c261fad482d55aba

Trust: 0.1

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-40303

Trust: 0.1

sources: VULMON: CVE-2022-40303

EXTERNAL IDS

db:NVDid:CVE-2022-40303

Trust: 2.1

db:PACKETSTORMid:170318

Trust: 0.2

db:PACKETSTORMid:171173

Trust: 0.2

db:PACKETSTORMid:169620

Trust: 0.2

db:PACKETSTORMid:170312

Trust: 0.2

db:PACKETSTORMid:171042

Trust: 0.2

db:PACKETSTORMid:170315

Trust: 0.2

db:PACKETSTORMid:170317

Trust: 0.1

db:PACKETSTORMid:170316

Trust: 0.1

db:PACKETSTORMid:170753

Trust: 0.1

db:PACKETSTORMid:169857

Trust: 0.1

db:PACKETSTORMid:171016

Trust: 0.1

db:PACKETSTORMid:169825

Trust: 0.1

db:PACKETSTORMid:170555

Trust: 0.1

db:PACKETSTORMid:171043

Trust: 0.1

db:PACKETSTORMid:170752

Trust: 0.1

db:PACKETSTORMid:170899

Trust: 0.1

db:PACKETSTORMid:170096

Trust: 0.1

db:PACKETSTORMid:170955

Trust: 0.1

db:PACKETSTORMid:169858

Trust: 0.1

db:PACKETSTORMid:169732

Trust: 0.1

db:PACKETSTORMid:170097

Trust: 0.1

db:PACKETSTORMid:171017

Trust: 0.1

db:PACKETSTORMid:170754

Trust: 0.1

db:PACKETSTORMid:171040

Trust: 0.1

db:PACKETSTORMid:171260

Trust: 0.1

db:CNNVDid:CNNVD-202210-1031

Trust: 0.1

db:VULHUBid:VHN-429429

Trust: 0.1

db:VULMONid:CVE-2022-40303

Trust: 0.1

db:PACKETSTORMid:170956

Trust: 0.1

db:PACKETSTORMid:173783

Trust: 0.1

db:PACKETSTORMid:173107

Trust: 0.1

sources: VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 170956 // PACKETSTORM: 171173 // PACKETSTORM: 170318 // PACKETSTORM: 170315 // PACKETSTORM: 170312 // PACKETSTORM: 171042 // PACKETSTORM: 169620 // PACKETSTORM: 173783 // PACKETSTORM: 173107 // NVD: CVE-2022-40303

REFERENCES

url:https://security.netapp.com/advisory/ntap-20221209-0003/

Trust: 1.1

url:https://support.apple.com/kb/ht213531

Trust: 1.1

url:https://support.apple.com/kb/ht213533

Trust: 1.1

url:https://support.apple.com/kb/ht213534

Trust: 1.1

url:https://support.apple.com/kb/ht213535

Trust: 1.1

url:https://support.apple.com/kb/ht213536

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/21

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/24

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/25

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/26

Trust: 1.1

url:http://seclists.org/fulldisclosure/2022/dec/27

Trust: 1.1

url:https://gitlab.gnome.org/gnome/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

Trust: 1.1

url:https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40303

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-40304

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-40303

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-40304

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-47629

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-1304

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-46848

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-35737

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2509

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-47629

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://support.apple.com/en-us/ht201222.

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-42864

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-42898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42011

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-43680

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2509

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-46848

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42010

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23521

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-41903

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-41903

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-4415

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42842

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42845

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42852

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42837

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42861

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42855

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-46689

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4238

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4238

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2023-24329

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-3715

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-28805

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-36227

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.2

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26716

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21835

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26719

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-3709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-21843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26719

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26700

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26709

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22624

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26710

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-3709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0923

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-4415

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42849

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42865

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42863

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42843

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/ht213536.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42859

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42841

Trust: 0.1

url:https://support.apple.com/ht213533.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42854

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-46691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42848

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-46692

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-42856

Trust: 0.1

url:https://support.apple.com/ht213531.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3064

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-23947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3064

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-23947

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/glsa/202210-39

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-3089

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0465

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:4290

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/rhsb-2023-001

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-34903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-35737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24736

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24736

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1255

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28805

Trust: 0.1

url:https://issues.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0466

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-26604

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23540

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41316

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0670

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48303

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-45873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-2491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43998

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41725

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3821

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-25136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26280

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37434

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-45061

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28861

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0620

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-24999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-25000

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-22809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4235

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-47024

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28861

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44533

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46175

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44964

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3736

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17049

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43998

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1348

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41717

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42919

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-33099

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-48339

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46828

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17049

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3094

Trust: 0.1

sources: VULHUB: VHN-429429 // VULMON: CVE-2022-40303 // PACKETSTORM: 170956 // PACKETSTORM: 171173 // PACKETSTORM: 170318 // PACKETSTORM: 170315 // PACKETSTORM: 170312 // PACKETSTORM: 171042 // PACKETSTORM: 169620 // PACKETSTORM: 173783 // PACKETSTORM: 173107 // NVD: CVE-2022-40303

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 170956 // PACKETSTORM: 171173 // PACKETSTORM: 171042 // PACKETSTORM: 173783 // PACKETSTORM: 173107

SOURCES

db:VULHUBid:VHN-429429
db:VULMONid:CVE-2022-40303
db:PACKETSTORMid:170956
db:PACKETSTORMid:171173
db:PACKETSTORMid:170318
db:PACKETSTORMid:170315
db:PACKETSTORMid:170312
db:PACKETSTORMid:171042
db:PACKETSTORMid:169620
db:PACKETSTORMid:173783
db:PACKETSTORMid:173107
db:NVDid:CVE-2022-40303

LAST UPDATE DATE

2024-12-21T20:41:10.065000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-429429date:2023-01-11T00:00:00
db:NVDid:CVE-2022-40303date:2023-11-07T03:52:15.280

SOURCES RELEASE DATE

db:VULHUBid:VHN-429429date:2022-11-23T00:00:00
db:PACKETSTORMid:170956date:2023-02-10T15:49:15
db:PACKETSTORMid:171173date:2023-02-28T17:09:39
db:PACKETSTORMid:170318date:2022-12-22T02:13:22
db:PACKETSTORMid:170315date:2022-12-22T02:12:10
db:PACKETSTORMid:170312date:2022-12-22T02:11:02
db:PACKETSTORMid:171042date:2023-02-17T16:04:17
db:PACKETSTORMid:169620date:2022-11-01T13:29:06
db:PACKETSTORMid:173783date:2023-07-27T14:18:01
db:PACKETSTORMid:173107date:2023-06-23T14:56:34
db:NVDid:CVE-2022-40303date:2022-11-23T00:15:11.007